जमा करें #791820: ProjectsAndPrograms school-management-system commit 6b6fae5 SQL Injectionजानकारी

शीर्षकProjectsAndPrograms school-management-system commit 6b6fae5 SQL Injection
विवरणA critical SQL Injection vulnerability exists in the buslocation.php file within the student_panel directory of the School Management System. The application fails to properly sanitize or parameterize user-supplied input before using it in a database query. Specifically, on line 54 of student_panel/buslocation.php, the bus_id HTTP GET parameter is directly concatenated into the SQL statement: $sql = "SELECT * FROM bus_root WHERE bus_id='{$_GET['bus_id']}'"; This is a high-severity vulnerability. Successful exploitation allows a remote attacker to bypass intended database query logic.
स्रोत⚠️ https://tcn60zf28jhk.feishu.cn/wiki/MdHFw78Gmi1zbske8Ozc6XTjnIh?from=from_copylink
उपयोगकर्ता
 EthX0_ (UID 96627)
सबमिशन28/03/2026 09:13 AM (4 महीनों पहले)
संयम19/04/2026 12:53 PM (22 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि358230 [ProjectsAndPrograms School Management System तक 6b6fae5426044f89c08d0dd101c7fa71f9042a59 HTTP GET Parameter buslocation.php bus_id SQL इंजेक्शन]
अंक20

Do you know our Splunk app?

Download it now for free!