Отправить #780399: code-projects Student Membership System 1.0 SQL InjectionИнформация

Название	code-projects Student Membership System 1.0 SQL Injection
Описание	The member deletion function directly concatenates $_POST['id'] into the SQL delete statement. An attacker could modify the ID parameter to delete any member record, or even execute other malicious operations via SQL injection. Impact: An attacker could delete all member data; by injecting a DROP TABLE command, they could delete the entire database table, resulting in permanent data loss.
Источник	⚠️ https://github.com/maidangdang1/CVE/issues/2
Пользователь	nomath (UID 96446)
Представление	15.03.2026 10:34 (18 дни назад)
Модерация	31.03.2026 00:24 (16 days later)
Статус	принято
Запись VulDB	354294 [code-projects Student Membership System 1.0 /delete_member.php ИД SQL-инъекция]
Баллы	20

Do you need the next level of professionalism?

Upgrade your account now!