提出 #749255: code-projects Online Examination System in PHP unknown sql情報

タイトル	code-projects Online Examination System in PHP unknown sql
説明	Multiple scripts within the "Online Examination System in PHP" perform SQL queries by directly concatenating unsanitized user input into SQL statements (notably in `login.php`, `login_admin.php`, `add_user.php`, and `addmembers.php`). User-supplied fields such as `username`, `password`, and other form parameters are used verbatim in queries like `SELECT ... WHERE username='$username' AND password='$password'` and direct INSERT statements, allowing an attacker to inject SQL payloads. Successful exploitation can result in authentication bypass, disclosure of sensitive data (including user passwords stored in plaintext), modification or deletion of database records, and full database compromise depending on the database privileges. The vulnerability is present in both authentication and data-entry routes (login forms and user/member creation endpoints).
ユーザー	imcoming (UID 95032)
送信	2026年01月30日 11:09 (3 月 ago)
モデレーション	2026年02月07日 15:54 (8 days later)
ステータス	承諾済み
VulDBエントリ	344874 [code-projects Online Examination System 1.0 login.php username/password SQLインジェクション]
ポイント	17

Might our Artificial Intelligence support you?

Check our Alexa App!