| Title | SourceCodester Simple Student Attendance System using PHP and MySQL 1.0 Cross Site Scripting |
|---|---|
| Description | The vulnerability exists in the student_form.php file at line 6, where the id parameter is accepted without proper sanitization and validation. This id parameter is subsequently passed to the get_student() function located in actions.class.php at line 127. Due to insufficient input validation, this allows for SQL Injection attacks that indeed lead to XSS in the student_form.php file at line 22. |
| Source | https://docs.google.com/document/d/1tl9-EAxUR64Og9zS-nyUx3YtG1V32Monkvq-h39tjpw/edit?usp=sharing |
| User | R0ck3t (UID 70759) |
| Submission | 18.06.2024 20:16 (2 years ago) |
| Moderation | 20.06.2024 19:26 (2 days later) |
| Status | Accepted |
| VulDB entry | 269276 [SourceCodester Simple Student Attendance System 1.0 student_form.php get_student ID Cross Site Scripting] |
| Points | 20 |