| Title | SourceCodester Online Examination System Project V1.0 SQL Injection |
|---|
| Description | zebra11 discovered a significant security vulnerability in the Online Examination System Project, caused by inadequate protection of the "email" parameter in the "registeracc.php" file. This vulnerability could be exploited to inject malicious SQL queries, leading to unauthorized access and the extraction of sensitive information from the database.
The method on line 22 of the "registeracc.php" file retrieves the value of the user input "email" from the POST element. Then the value of this element will be passed to the code without proper purification or validation, and ultimately used for database queries in the method on line 27 of the "registeracc.php" file. This may lead to SQL injection attacks. |
|---|
| Source | ⚠️ https://github.com/CveSecLook/cve/issues/32 |
|---|
| User | zebra11 (UID 68838) |
|---|
| Submission | 2024年05月15日 18:51 (11 月 ago) |
|---|
| Moderation | 2024年05月17日 07:51 (2 days later) |
|---|
| Status | 承諾済み |
|---|
| VulDB Entry | 264743 [SourceCodester Online Examination System 1.0 registeracc.php email SQLインジェクション] |
|---|
| Points | 20 |
|---|