| Field | Value |
|---|---|
| Title | tittuvarghese CollegeManagementSystem 1.0 SQL Injection |
| Source | https://github.com/tittuvarghese/CollegeManagementSystem/issues/3 |
| User | Nicole_mo (UID 98333) |
| Submitted | 2026-05-18 04:04 PM (20 days ago) |
| Moderated | 2026-06-05 10:10 AM (18 days later) |
| Status | Accepted |
| VulDB Entry | 368872 [tittuvarghese CollegeManagementSystem fetch.php department_code SQL Injection] |
| Points | 20 |

Description:

The `fetch.php` endpoint fetches course data based on a `department_code` parameter sent via POST. The script embeds the user-supplied value directly into an SQL query without any sanitisation or parameterisation:

```php
// Untrusted value taken straight from the POST body
$department_code = $_POST['department_code'];
// Interpolated into the query string, so any SQL syntax in it becomes part of the statement
$sql = mysql_query("SELECT * FROM `courses` WHERE department_code='$department_code' ORDER BY id DESC");
```

Because the endpoint performs no authentication (there is no session check), an unauthenticated attacker can inject arbitrary SQL syntax through the `department_code` field. Even though the immediate output is only a JSON-encoded array of values, the underlying SQL injection is still exploitable, for instance with boolean-based or time-based blind techniques, to extract sensitive information from the database.
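A hardened form of the same handler, added here as an illustration and not taken from the project: it adds the missing session check and replaces string interpolation with a bound parameter. The table and column names come from the advisory; the PDO connection string, the `DB_USER`/`DB_PASS` credentials, the `$_SESSION['user_id']` key and the accepted format of a department code are assumptions.

```php
<?php
// Hardened fetch.php (added example, not the project's code).
// Assumptions: a PDO-reachable MySQL database, placeholder credentials DB_USER/DB_PASS,
// and that an authenticated user is marked by $_SESSION['user_id'].
session_start();
header('Content-Type: application/json');

// 1. The original endpoint has no session check; require an authenticated user.
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['error' => 'authentication required']);
    exit;
}

// 2. Validate the shape of the input before it reaches the database.
//    A department code is assumed here to be a short alphanumeric token.
$department_code = $_POST['department_code'] ?? '';
if (!preg_match('/^[A-Za-z0-9_-]{1,20}$/', $department_code)) {
    http_response_code(400);
    echo json_encode(['error' => 'invalid department_code']);
    exit;
}

// 3. Bind the value as a parameter instead of interpolating it into the SQL text.
//    The driver sends query and value separately, so SQL syntax in the value is
//    treated as data. This also drops the mysql_* extension, which PHP 7 removed.
$pdo = new PDO(
    'mysql:host=localhost;dbname=college;charset=utf8mb4', // assumed DSN
    'DB_USER',  // placeholder
    'DB_PASS',  // placeholder
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]
);
$stmt = $pdo->prepare(
    'SELECT * FROM `courses` WHERE department_code = :code ORDER BY id DESC'
);
$stmt->execute([':code' => $department_code]);
echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
```

With `ATTR_EMULATE_PREPARES` disabled the statement is prepared on the server, so the bound value can never alter the query structure; the input pattern check is defence in depth, not the primary control.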