| Title | code-projects Student Result Manager 1.0 SQL Injection |
|---|---|
| Description | A SQL injection vulnerability (CWE-89) exists in Student Result Manager, where SQL statements are built via unsafe string concatenation using untrusted input (`roll`, `name`, `gpa`) and executed with `Statement.execute(...)`. An attacker who can supply specially crafted values (for example, setting the `roll` parameter to `' \|\| (SELECT version()) \|\| '`) can alter query logic to read, modify, or delete database contents, execute arbitrary SQL, and potentially escalate to full database compromise, depending on database privileges. |
| Source | https://github.com/lakshayyverma/CVE-Discovery/blob/main/Student%20Result%20Manager.md |
| User | lakshay12311 (UID 91298) |
| Submission | 07.10.2025 08:47 (8 months ago) |
| Moderation | 09.10.2025 13:16 (2 days later) |
| Status | Accepted |
| VulDB entry | 327710 [code-projects Student Result Manager 1.0 Database.java roll/name/gpa SQL Injection] |
| Points | 20 |