Submit #846716: Assessment Management System lecturer/marking-scheme.php SQL Injection Vulnerability v1.0 SQL Injectioninfo

TitelAssessment Management System lecturer/marking-scheme.php SQL Injection Vulnerability v1.0 SQL Injection
Beschreibung# Assessment Management System lecturer/marking-scheme.php SQL Injection Vulnerability A SQL injection vulnerability exists in the `lecturer/marking-scheme.php` file of the Assessment Management System. The application directly concatenates user-controlled input from the `squestions[]` parameter into an SQL `INSERT` statement without proper sanitization or parameterized statements. As a result, an attacker can inject arbitrary SQL syntax into the backend database query. ## ## Impact of the Vulnerability This vulnerability may allow an attacker to manipulate backend SQL queries, trigger database error-based responses, and potentially extract sensitive database information. Because the application returns raw database errors via `mysqli_error($conn)`, successful exploitation can disclose attacker-controlled query output directly in the HTTP response. ## ## Payload ``` 'and/**/extractvalue(1,concat(char(126),md5(1514634218)))and' ``` 'and/**/extractvalue(1,concat(char(126),md5(1514634218)))and' ## Source Download ``` [Assessment Management In PHP With Source Code - Source Code & Projects](https://code-projects.org/assessment-management-in-php-with-source-code/) ```
Quelle⚠️ https://github.com/zzzxc643/CVE1/blob/main/assessment/vul5.md
Benutzer
 SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (UID 97200)
Einreichung03.06.2026 07:09 (vor 1 Monat)
Moderieren03.07.2026 20:50 (1 month later)
StatusAkzeptiert
VulDB Eintrag376172 [code-projects Assessment Management 1.0 Database Query marking-scheme.php squestions[] SQL Injection]
Punkte20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!