| Title | SourceCodester Online Examination System Project V1.0 SQL Injection |
|---|---|
| Description | zebra11 discovered a significant security vulnerability in the Online Examination System Project, caused by inadequate protection of the "email" parameter in the "registeracc.php" file. This vulnerability could be exploited to inject malicious SQL queries, leading to unauthorized access and the extraction of sensitive information from the database. The method on line 22 of the "registeracc.php" file retrieves the value of the user input "email" from the POST element. Then the value of this element will be passed to the code without proper purification or validation, and ultimately used for database queries in the method on line 27 of the "registeracc.php" file. This may lead to SQL injection attacks. |
| Source | https://github.com/CveSecLook/cve/issues/32 |
| User | zebra11 (UID 68838) |
| Submit | 15/05/2024 06:51 PM (2 years ago) |
| Moderation | 17/05/2024 07:51 AM (2 days later) |
| Status | Approved |
| VulDB Entry | 264743 [SourceCodester Online Examination System 1.0 registeracc.php email SQL injection] |
| Points | 20 |