| タイトル | Fabian Ros Student Information System In PHP With Source Code November 2, 2025 SQL Injection |
|---|
| 説明 | A widespread SQL Injection vulnerability pattern exists in the Student Information System (version uploaded on November 2, 2025) which allows remote attackers to execute arbitrary SQL commands via multiple parameters.
The application fails to sanitize user input and does not use parameterized queries across several key endpoints. Specifically:
UNION-based SQLi exists in /searchresults.php via the searchbox parameter, allowing full database exfiltration.
Time-based Blind SQLi exists in /register.php via the username parameter.
Authentication Bypass and Blind SQLi exist in the login function in /index.php via the username and password parameters.
An attacker can leverage these flaws to bypass authentication, extract sensitive records from the database, or manipulate data, posing a critical risk to the confidentiality and integrity of the system. |
|---|
| ソース | ⚠️ https://github.com/i4G5d/CRITICAL-SEVERITY-VULNERABILITY-REPORT-Widespread-SQLI |
|---|
| ユーザー | i4g5d (UID 92060) |
|---|
| 送信 | 2025年12月20日 17:17 (4 月 ago) |
|---|
| モデレーション | 2025年12月23日 15:33 (3 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 337859 [code-projects Student Information System 1.0 /searchresults.php searchbox SQLインジェクション] |
|---|
| ポイント | 20 |
|---|