Submit #335527: SourceCodester Online Examination System Project V1.0 SQL Injectioninfo

TitelSourceCodester Online Examination System Project V1.0 SQL Injection
Beschreibungzebra11 discovered a significant security vulnerability in the Online Examination System Project, caused by inadequate protection of the "email" parameter in the "registeracc.php" file. This vulnerability could be exploited to inject malicious SQL queries, leading to unauthorized access and the extraction of sensitive information from the database. The method on line 22 of the "registeracc.php" file retrieves the value of the user input "email" from the POST element. Then the value of this element will be passed to the code without proper purification or validation, and ultimately used for database queries in the method on line 27 of the "registeracc.php" file. This may lead to SQL injection attacks.
Quelle⚠️ https://github.com/CveSecLook/cve/issues/32
Benutzer
 zebra11 (UID 68838)
Einreichung15.05.2024 18:51 (vor 2 Jahren)
Moderieren17.05.2024 07:51 (2 days later)
StatusAkzeptiert
VulDB Eintrag264743 [SourceCodester Online Examination System 1.0 registeracc.php email SQL Injection]
Punkte20

Do you need the next level of professionalism?

Upgrade your account now!