| Title | code-projects Student Membership System 1.0 SQL Injection |
|---|---|
| Description | In the user registration feature, user-submitted $_POST data is directly concatenated into SQL queries without any filtering or parameterization. An attacker could execute arbitrary SQL commands by crafting malicious input, potentially leading to data leaks, data tampering, or complete control over the database. Impact: An attacker can execute arbitrary SQL commands, including deleting tables, reading sensitive data, modifying data, and gaining a database shell, thereby gaining complete control over the database. |
| Source | ⚠️ https://github.com/maidangdang1/CVE/issues/1 |
| User | nomath (UID 96446) |
| Submission | 2026-03-15 10:25 (22 days ago) |
| Moderation | 2026-03-31 00:24 (16 days later) |
| Status | Accepted |
| VulDB entry | 354293 [code-projects Student Membership System 1.0 User Registration SQL Injection] |
| Points | 20 |