| عنوان | Fabian Ros Student Information System In PHP With Source Code November 2, 2025 SQL Injection |
|---|
| الوصف | A widespread SQL Injection vulnerability pattern exists in the Student Information System (version uploaded on November 2, 2025) which allows remote attackers to execute arbitrary SQL commands via multiple parameters.
The application fails to sanitize user input and does not use parameterized queries across several key endpoints. Specifically:
UNION-based SQLi exists in /searchresults.php via the searchbox parameter, allowing full database exfiltration.
Time-based Blind SQLi exists in /register.php via the username parameter.
Authentication Bypass and Blind SQLi exist in the login function in /index.php via the username and password parameters.
An attacker can leverage these flaws to bypass authentication, extract sensitive records from the database, or manipulate data, posing a critical risk to the confidentiality and integrity of the system. |
|---|
| المصدر | ⚠️ https://github.com/i4G5d/CRITICAL-SEVERITY-VULNERABILITY-REPORT-Widespread-SQLI |
|---|
| المستخدم | i4g5d (UID 92060) |
|---|
| ارسال | 20/12/2025 05:17 PM (4 أشهر منذ) |
|---|
| الاعتدال | 23/12/2025 03:33 PM (3 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 337859 [code-projects Student Information System 1.0 /searchresults.php searchbox حقن SQL] |
|---|
| النقاط | 20 |
|---|