Submit #664870: code-projects Student Crud Operation In PHP V3.3 SQL Injection (info)

Title: code-projects Student Crud Operation In PHP V3.3 SQL Injection
Description: Unauthenticated SQL Injection in delete.php. The GET parameter “id” is concatenated into a DELETE statement without validation or parameterization, allowing mass deletion of rows in card_activation by visiting: {BASE_URL}/Student-Registration-Crud-Operation/delete.php?id=1%20OR%201%3D1%20--%20. Impact: severe integrity/availability loss. CWE-89. CVSS v3.1 (estimate): AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H. Fix: use prepared statements (mysqli->prepare + bind_param("i", id)), validate id as integer, require authentication/authorization. project link: https://code-projects.org/student-crud-operation-in-php-with-source-code/ 1 source code download link: https://download.code-projects.org/details/c4836779-1828-4e2b-95c2-e027096314c6
Source: ⚠️ https://github.com/romatdibrohiksnov/vulndb.com/blob/main/Student%20Crud%20Operation%20In%20PHP%20Unauthenticated%20SQL%20Injection%20allows%20mass%20deletion%20in%20delete.php.md
User: px_kanten (UID 90960)
Submission: 2025-09-29 08:13 (8 months ago)
Moderation: 2025-10-06 08:08 (7 days later)
Status: Accepted
VulDB entry: 327228 [code-projects Student Crud Operation 3.3 delete.php ID SQL injection]
Points: 20
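
The three fixes named in the description (prepared statement, integer validation, authentication check) combined in one delete handler, as an added example that is not the project's code. The column name `id`, the session key `user_id`, and the connection parameters are assumptions, since the page does not show the original source.

```php
<?php
declare(strict_types=1);

// Constructed example for delete.php; not the project's own code.
// Assumed (not on the page): primary-key column `id`, session key `user_id`,
// and the connection parameters below. Requires PHP 8.0+ (for `mixed`).

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Returns a positive integer id, or null for arrays, empty input, or any
// value carrying extra characters after the digits.
function parse_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Parameterized DELETE: the id travels as a bound integer, never as SQL text.
function delete_row(mysqli $conn, int $id): int
{
    $stmt = $conn->prepare('DELETE FROM card_activation WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

session_start();
if (empty($_SESSION['user_id'])) {          // authentication gate
    http_response_code(403);
    exit('Forbidden');
}

$id = parse_id($_GET['id'] ?? null);
if ($id === null) {                          // reject before touching the database
    http_response_code(400);
    exit('Invalid id');
}

$conn = new mysqli('localhost', 'app_user', 'change-me', 'student_db');
$deleted = delete_row($conn, $id);
http_response_code($deleted === 1 ? 200 : 404);
echo $deleted === 1 ? 'Deleted' : 'Not found';
```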
