| शीर्षक | Yash Pokharna StudentManagementSystem 1.0 SQL Injection |
|---|
| विवरण | Describe the bug
Two critical issues exist in student_trans.php:
Broken Access Control: The script does not include session.php or call confirm_logged_in(), leaving the endpoint completely unauthenticated. Anyone can access it without a valid session cookie.
SQL Injection: User-supplied POST parameters (FIRST_NAME, Last_Name, EMAIL, etc.) are directly concatenated into an INSERT SQL statement without sanitization or parameterized queries.
An attacker can exploit this to insert arbitrary data (including malicious XSS payloads) into the database, or perform time‑based/error‑based SQL injection. |
|---|
| स्रोत | ⚠️ https://github.com/yashpokharna2555/StudentManagementSystem/issues/3 |
|---|
| उपयोगकर्ता | Levis1 (UID 96766) |
|---|
| सबमिशन | 27/04/2026 10:44 AM (1 महीना पहले) |
|---|
| संयम | 24/05/2026 11:06 AM (27 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365451 [yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203 student_trans.php confirm_logged_in FIRST_NAME/Last_Name/EMAIL SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|