| Título | Code-Projects Student File Management System V1.0 SQL Injection Vulnerability |
|---|
| Descrição | An SQL injection vulnerability was discovered in the "StudentFileManagementSystem_PHP/SFMS/download.php" file. The reason for this issue is that the attacker can inject malicious code into the parameter "istore_id" when the user logs in. The application failed to properly clean or validate the input during the SQL query, allowing the attacker to control the SQL query and perform unauthorized operations. |
|---|
| Fonte | ⚠️ https://github.com/Bai-public/CVE/issues/4 |
|---|
| Utilizador | Mountain Ghost (UID 92943) |
|---|
| Submissão | 26/12/2025 08h15 (há 4 meses) |
|---|
| Moderação | 28/12/2025 11h23 (2 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 338592 [code-projects Student File Management System 1.0 /download.php istore_id Injeção SQL] |
|---|
| Pontos | 20 |
|---|