提出 #844846: CodeAstro Student Attendance Management System v1 SQL Injection情報

タイトルCodeAstro Student Attendance Management System v1 SQL Injection
説明A SQL injection vulnerability exists in CodeAstro Student Attendance Management System v1.0 in the /attendance-php/Admin/createSessionTerm.php file. The application does not properly validate, sanitize, or parameterize the sessionName POST parameter before using it in SQL queries. An attacker can supply crafted input through the sessionName parameter and alter the intended SQL query logic. This may allow unauthorized database access, disclosure of sensitive data, data modification, or service disruption, depending on the privileges assigned to the database user.
ソース⚠️ https://github.com/freddymuch/Vul/issues/2
ユーザー
 freddymuch (UID 98644)
送信2026年06月01日 13:59 (1 月 ago)
モデレーション2026年07月03日 18:45 (1 month later)
ステータス重複
VulDBエントリ319151 [Student Attendance Management System 1.0 createSessionTerm.php sessionName SQLインジェクション]
ポイント0

Might our Artificial Intelligence support you?

Check our Alexa App!