| 제목 | code-projects Online Examination System in PHP unknown sql |
|---|
| 설명 | Multiple scripts within the "Online Examination System in PHP" perform SQL queries by directly concatenating unsanitized user input into SQL statements (notably in `login.php`, `login_admin.php`, `add_user.php`, and `addmembers.php`). User-supplied fields such as `username`, `password`, and other form parameters are used verbatim in queries like `SELECT ... WHERE username='$username' AND password='$password'` and direct INSERT statements, allowing an attacker to inject SQL payloads.
Successful exploitation can result in authentication bypass, disclosure of sensitive data (including user passwords stored in plaintext), modification or deletion of database records, and full database compromise depending on the database privileges. The vulnerability is present in both authentication and data-entry routes (login forms and user/member creation endpoints). |
|---|
| 사용자 | imcoming (UID 95032) |
|---|
| 제출 | 2026. 01. 30. AM 11:09 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 07. PM 03:54 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 344874 [code-projects Online Examination System 1.0 login.php username/password SQL 주입] |
|---|
| 포인트들 | 17 |
|---|