| タイトル | Assessment Management System lecturer/marking-scheme.php SQL Injection Vulnerability v1.0 SQL Injection |
|---|
| 説明 | # Assessment Management System lecturer/marking-scheme.php SQL Injection Vulnerability
A SQL injection vulnerability exists in the `lecturer/marking-scheme.php` file of the Assessment Management System.
The application directly concatenates user-controlled input from the `squestions[]` parameter into an SQL `INSERT`
statement without proper sanitization or parameterized statements. As a result, an attacker can inject arbitrary SQL
syntax into the backend database query.
##
## Impact of the Vulnerability
This vulnerability may allow an attacker to manipulate backend SQL queries, trigger database error-based responses,
and potentially extract sensitive database information. Because the application returns raw database errors via
`mysqli_error($conn)`, successful exploitation can disclose attacker-controlled query output directly in the HTTP
response.
##
## Payload
```
'and/**/extractvalue(1,concat(char(126),md5(1514634218)))and'
```
'and/**/extractvalue(1,concat(char(126),md5(1514634218)))and'
## Source Download
```
[Assessment Management In PHP With Source Code - Source Code & Projects](https://code-projects.org/assessment-management-in-php-with-source-code/)
```
|
|---|
| ソース | ⚠️ https://github.com/zzzxc643/CVE1/blob/main/assessment/vul5.md |
|---|
| ユーザー | SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (UID 97200) |
|---|
| 送信 | 2026年06月03日 07:09 (1 月 ago) |
|---|
| モデレーション | 2026年07月03日 20:50 (1 month later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 376172 [code-projects Assessment Management 1.0 Database Query marking-scheme.php squestions[] SQLインジェクション] |
|---|
| ポイント | 20 |
|---|