إرسال #749255: code-projects Online Examination System in PHP unknown sqlالمعلومات

عنوان	code-projects Online Examination System in PHP unknown sql
الوصف	Multiple scripts within the "Online Examination System in PHP" perform SQL queries by directly concatenating unsanitized user input into SQL statements (notably in `login.php`, `login_admin.php`, `add_user.php`, and `addmembers.php`). User-supplied fields such as `username`, `password`, and other form parameters are used verbatim in queries like `SELECT ... WHERE username='$username' AND password='$password'` and direct INSERT statements, allowing an attacker to inject SQL payloads. Successful exploitation can result in authentication bypass, disclosure of sensitive data (including user passwords stored in plaintext), modification or deletion of database records, and full database compromise depending on the database privileges. The vulnerability is present in both authentication and data-entry routes (login forms and user/member creation endpoints).
المستخدم	imcoming (UID 95032)
ارسال	30/01/2026 11:09 AM (3 أشهر منذ)
الاعتدال	07/02/2026 03:54 PM (8 days later)
الحالة	تمت الموافقة
إدخال VulDB	344874 [code-projects Online Examination System 1.0 login.php username/password حقن SQL]
النقاط	17

Interested in the pricing of exploits?

See the underground prices here!