| 제목 | code-projects Student Membership System 1.0 SQL Injection |
|---|
| 설명 | In the user registration feature, user-submitted $_POST data is directly concatenated into SQL queries without any filtering or parameterization. An attacker could execute arbitrary SQL commands by crafting malicious input, potentially leading to data leaks, data tampering, or complete control over the database.
Impact: An attacker can execute arbitrary SQL commands, including deleting tables, reading sensitive data, modifying data, and gaining a database shell, thereby gaining complete control over the database. |
|---|
| 원천 | ⚠️ https://github.com/maidangdang1/CVE/issues/1 |
|---|
| 사용자 | nomath (UID 96446) |
|---|
| 제출 | 2026. 03. 15. AM 10:25 (24 날 ago) |
|---|
| 모더레이션 | 2026. 03. 31. AM 12:24 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 354293 [code-projects Student Membership System 1.0 User Registration SQL 주입] |
|---|
| 포인트들 | 20 |
|---|