| Título | code-projects Online Student Management System in PHP unknown SQL Injection |
|---|
| Descrição | Multiple SQL injection vulnerabilities are present in the "Online Student Management System in PHP" (code-projects). Several server-side scripts construct SQL statements by directly concatenating user-controlled input (such as usernames, passwords and resource IDs) into query strings without using prepared statements or proper input validation. An attacker can exploit these injection points to bypass authentication, enumerate and exfiltrate sensitive database records, modify or delete data, and potentially achieve full database compromise or account takeover.
Proof-of-Concept / Reproduction steps:
Send typical SQLi payloads to authentication or ID-based parameters (examples):
In a login form: username = ' OR '1'='1 and any password → may bypass authentication.
In ID/parameter endpoints: append ' OR '1'='1' -- or use ' UNION SELECT ... to extract data.
Observe successful login, additional returned rows, or error messages that reveal database structure.
Use boolean-based, error-based or time-based techniques to extract schema and sensitive fields.
Evidence (code excerpts):
accounts.phpLines 24-27
$mydb->setQuery("SELECT * FROM `useraccounts` WHERE `ACCOUNT_USERNAME` = '". $U_USERNAME ."' and `ACCOUNT_PASSWORD` = '". $h_pass ."'");
students.phpLines 41-44
$mydb->setQuery("SELECT * FROM `tblstudent` WHERE `ACC_USERNAME` = '". $U_USERNAME ."' AND `ACC_PASSWORD` = '". $h_pass ."'");
Impact:
Authentication bypass
Data disclosure (sensitive user and system data)
Data modification/deletion
Potential full database access depending on privileges |
|---|
| Utilizador | imcoming (UID 95032) |
|---|
| Submissão | 30/01/2026 10h45 (há 3 meses) |
|---|
| Moderação | 07/02/2026 15h47 (8 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 344872 [code-projects Online Student Management System 1.0 Login accounts.php username/password Injeção SQL] |
|---|
| Pontos | 17 |
|---|