| Titolo | SourceCodester Online Student File Management System 1.0 SQL Injection |
|---|
| Descrizione | During the security review of the "Online Student File Management System", I discovered a critical SQL injection vulnerability within the file inclusion chain: /admin/index.php → /admin/login.php → /admin/login_query.php. Specifically, when users access /admin/index.php, it includes /admin/login.php to display the login form, and /admin/login.php subsequently includes /admin/login_query.php to handle the login logic. In line 9 of /admin/login_query.php, the username parameter is directly inserted into the SQL query: "SELECT * FROM user WHERE username = '$username' && password = '$password'" without any input validation or parameterized query implementation. This insecure coding practice allows attackers to inject malicious SQL code through the username parameter, potentially gaining unauthorized database access, modifying or deleting data, and accessing sensitive information. Immediate remedial measures are required to ensure system security and protect data integrity.
|
|---|
| Fonte | ⚠️ https://github.com/qcycop0101-hash/CVE/issues/11 |
|---|
| Utente | quchunyi2 (UID 89807) |
|---|
| Sottomissione | 05/09/2025 14:45 (9 mesi fa) |
|---|
| Moderazione | 15/09/2025 16:01 (10 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 323917 [SourceCodester Online Student File Management System 1.0 /admin/index.php Nome utente iniezione SQL] |
|---|
| Punti | 20 |
|---|