Submission #807836: Github Event-Management-System Of PuneethReddyHC V1.0 SQL Injection (Info)

Title: Github Event-Management-System Of PuneethReddyHC V1.0 SQL Injection

Description: The Event-Management-System application does not properly validate or sanitize user input for the college event_id parameter. This results in a confirmed SQL Injection vulnerability. An unauthenticated remote attacker can construct and execute malicious SQL statements through the affected endpoint and backend SQL sink.

Attack Conditions: No authentication or authorization is required. The vulnerable endpoint is reachable over the network in a default installation.

Potential Impact: In the local test environment, sqlmap successfully confirmed SQL injection and produced direct exploitation evidence such as DBMS identification, database enumeration, table enumeration, or sample data extraction. This demonstrates a practical path to unauthorized backend data disclosure and may also enable data tampering or service impact depending on the database privileges used by the application. Not required for this verification state.

Source: ⚠️ https://github.com/lyf3273/CVE/issues/1

User: kalasama (UID 97462)

Submitted: 2026-04-19 03:18 PM (2 months ago)

Moderation: 2026-05-16 11:39 AM (27 days later)

Status: Duplicate

VulDB entry: 259613 [PuneethReddyHC Event Management 1.0 /backend/register.php event_id/full_name/email/mobile/college/branch SQL injection]

Points: 0
