| 제목 | CampCodes Student Grading System 1.0 SQL Injection |
|---|
| 설명 | Vendor and Product Information:
Vendor: CampCodes
Product: Student Grading System
Product URL: https://www.campcodes.com/projects/php/student-grading-system-using-php-mysql-free-download/
Confidence: Confirmed
Description:
The 'view_students.php' file directly incorporates the $_POST['id'] parameter into the SQL query without proper sanitization or validation. This lack of protection allows an attacker to modify the id parameter in the URL and inject malicious SQL, potentially enabling unauthorized access or data manipulation. |
|---|
| 원천 | ⚠️ https://github.com/shaturo1337/POCs/blob/main/SQL%20Injection%20in%20Student%20Grading%20System.md |
|---|
| 사용자 | John Correche (UID 79510) |
|---|
| 제출 | 2025. 01. 03. AM 05:41 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 01. 03. PM 05:14 (12 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 290157 [Campcodes Student Grading System 1.0 /view_students.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|