| Título | code-projects Student Membership System 1.0 SQL Injection |
|---|
| Descrição | In the user registration feature, user-submitted $_POST data is directly concatenated into SQL queries without any filtering or parameterization. An attacker could execute arbitrary SQL commands by crafting malicious input, potentially leading to data leaks, data tampering, or complete control over the database.
Impact: An attacker can execute arbitrary SQL commands, including deleting tables, reading sensitive data, modifying data, and gaining a database shell, thereby gaining complete control over the database. |
|---|
| Fonte | ⚠️ https://github.com/maidangdang1/CVE/issues/1 |
|---|
| Utilizador | nomath (UID 96446) |
|---|
| Submissão | 15/03/2026 10h25 (há 22 dias) |
|---|
| Moderação | 31/03/2026 00h24 (16 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 354293 [code-projects Student Membership System 1.0 User Registration Injeção SQL] |
|---|
| Pontos | 20 |
|---|