Submission #780399: code-projects Student Membership System 1.0 SQL Injection (Info)

Title: code-projects Student Membership System 1.0 SQL Injection
Description: The member deletion function directly concatenates $_POST['id'] into the SQL delete statement. An attacker could modify the ID parameter to delete any member record, or even execute other malicious operations via SQL injection. Impact: An attacker could delete all member data; by injecting a DROP TABLE command, they could delete the entire database table, resulting in permanent data loss.
Source: https://github.com/maidangdang1/CVE/issues/2
User: nomath (UID 96446)
Submitted: 2026-03-15 10:34 (22 days ago)
Moderation: 2026-03-31 00:24 (16 days later)
Status: Accepted
VulDB Entry: 354294 [code-projects Student Membership System 1.0 /delete_member.php ID SQL injection]
Points: 20
