| Title | Assessment Management System login.php SQL Injection Vulnerabili v1.0 SQL Injection |
|---|
| Description | # Assessment Management System login.php SQL Injection Vulnerability
A SQL injection vulnerability exists in the login.php file of the Assessment Management System. The application
directly concatenates user-controlled input from the userid and password parameters into an SQL query without proper
sanitization or parameterized statements. As a result, an attacker can inject arbitrary SQL syntax into the
authentication query.
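
The concatenated login query described above, next to a parameterized replacement, as an added example that is not the project's own code. The `users` table, its `userid`, `password` and `password_hash` columns, the function names and the connection settings are all assumptions.

```php
<?php
// Added example, not code from the Assessment Management System.
// Table/column names and connection settings below are assumptions.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions

// Pattern the advisory describes: input is pasted into the SQL text, so a quote
// in $userid ends the string literal and the remainder is parsed as SQL.
function login_concatenated(mysqli $db, string $userid, string $password): bool
{
    $sql = "SELECT userid FROM users WHERE userid = '$userid' AND password = '$password'";
    return $db->query($sql)->num_rows === 1;
}

// Hardened form: the query text is fixed and input travels only as a bound parameter.
function login_parameterized(mysqli $db, string $userid, string $password): bool
{
    $hash = null;
    try {
        $stmt = $db->prepare('SELECT password_hash FROM users WHERE userid = ? LIMIT 1');
        $stmt->bind_param('s', $userid);
        $stmt->execute();
        $stmt->bind_result($hash);
        $found = $stmt->fetch(); // true when a row was fetched, null when none matched
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        error_log('login query failed: ' . $e->getMessage()); // server-side log only
        return false; // database errors never reach the HTTP response
    }
    // The password is checked in PHP against a password_hash() value,
    // so it is never part of any SQL statement.
    return $found === true && password_verify($password, $hash);
}

// Accept only scalar string fields; array-valued parameters are treated as empty.
$field = fn(string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';

// Constructed usage: host, credentials and schema name are placeholders.
$db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'assessment');
$db->set_charset('utf8mb4');
$ok = login_parameterized($db, $field('userid'), $field('password'));
http_response_code($ok ? 200 : 401);
echo $ok ? 'Login OK' : 'Invalid credentials';
```

Returning one generic failure message and logging exceptions server-side also removes the error-based response channel mentioned under the impact.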
## Impact of the Vulnerability
This vulnerability may allow an attacker to manipulate backend SQL queries, bypass authentication, extract database
content, and trigger database error-based responses. In some cases, it may lead to disclosure of sensitive information
such as usernames, password data, or other application records stored in the database.
## Payload
```
admin'and/**/extractvalue(1,concat(char(126),md5(1049915738)))and'
```
## Source Download
[Assessment Management In PHP With Source Code - Source Code & Projects](https://code-projects.org/assessment-management-in-php-with-source-code/)
|
|---|
| Source | https://github.com/zzzxc643/CVE1/blob/main/assessment/vul1.md |
|---|
| User | SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (UID 97200) |
|---|
| Submission | 2026. 06. 03. AM 07:04 (1 month ago) |
|---|
| Moderation | 2026. 07. 03. PM 08:47 (1 month later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 338583 [code-projects Assessment Management 1.0 login.php userid SQL injection] |
|---|
| Points | 0 |
|---|