| Title | Github Event-Management-System Of PuneethReddyHC V1.0 SQL Injection |
|---|---|
| Description | The Event-Management-System application does not properly validate or sanitize user input for the college event_id parameter. This results in a confirmed SQL Injection vulnerability. An unauthenticated remote attacker can construct and execute malicious SQL statements through the affected endpoint and backend SQL sink.<br>Attack Conditions: No authentication or authorization is required. The vulnerable endpoint is reachable over the network in a default installation.<br>Potential Impact: In the local test environment, sqlmap successfully confirmed SQL injection and produced direct exploitation evidence such as DBMS identification, database enumeration, table enumeration, or sample data extraction. This demonstrates a practical path to unauthorized backend data disclosure and may also enable data tampering or service impact depending on the database privileges used by the application.<br>Not required for this verification state. |
| Source | ⚠️ https://github.com/lyf3273/CVE/issues/1 |
| User | kalasama (UID 97462) |
| Submission | 19/04/2026 03:18 PM (2 months ago) |
| Moderation | 16/05/2026 11:39 AM (27 days later) |
| Status | Duplicate |
| VulDB Entry | 259613 [PuneethReddyHC Event Management 1.0 /backend/register.php event_id/full_name/email/mobile/college/branch SQL Injection] |
| Points | 0 |