| 제목 | code-projects Coaching Management System in PHP unknown (latest version as of April 2026) SQL Injection |
|---|
| 설명 | A SQL Injection vulnerability exists in the Coaching Management System in PHP. The complaintreply parameter in /cims/modules/admin/reply.php is not properly sanitized before being used in SQL queries.
An authenticated attacker can inject malicious SQL statements via the complaintreply parameter, leading to unauthorized database access and full data extraction.
The vulnerability can be exploited through crafted POST requests and was confirmed via error-based and boolean-based techniques, as well as automated exploitation using sqlmap.
Successful exploitation allows retrieval of sensitive information including user credentials, student data, and administrative records. |
|---|
| 원천 | ⚠️ https://github.com/Xmyronn/Authenticated-SQL-Injection-in-Coaching-Management-System.git |
|---|
| 사용자 | imad alvi (UID 97088) |
|---|
| 제출 | 2026. 04. 10. PM 08:39 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 04. 27. PM 05:45 (17 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 359830 [code-projects Coaching Management System 1.0 POST reply.php complaintreply SQL 주입] |
|---|
| 포인트들 | 20 |
|---|