| Название | code-projects Student Membership System 1.0 SQL Injection |
|---|
| Описание | In the user registration feature, user-submitted $_POST data is directly concatenated into SQL queries without any filtering or parameterization. An attacker could execute arbitrary SQL commands by crafting malicious input, potentially leading to data leaks, data tampering, or complete control over the database.
Impact: An attacker can execute arbitrary SQL commands, including deleting tables, reading sensitive data, modifying data, and gaining a database shell, thereby gaining complete control over the database. |
|---|
| Источник | ⚠️ https://github.com/maidangdang1/CVE/issues/1 |
|---|
| Пользователь | nomath (UID 96446) |
|---|
| Представление | 15.03.2026 10:25 (18 дни назад) |
|---|
| Модерация | 31.03.2026 00:24 (16 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 354293 [code-projects Student Membership System 1.0 User Registration SQL-инъекция] |
|---|
| Баллы | 20 |
|---|