Submit #846712: Assessment Management System login.php SQL Injection Vulnerabili v1.0 SQL Injection

Title: Assessment Management System login.php SQL Injection Vulnerabili v1.0 SQL Injection
Description:

# Assessment Management System login.php SQL Injection Vulnerability

A SQL injection vulnerability exists in the login.php file of the Assessment Management System. The application directly concatenates user-controlled input from the userid and password parameters into an SQL query without proper sanitization or parameterized statements. As a result, an attacker can inject arbitrary SQL syntax into the authentication query.

## Impact of the Vulnerability

This vulnerability may allow an attacker to manipulate backend SQL queries, bypass authentication, extract database content, and trigger database error-based responses. In some cases, it may lead to disclosure of sensitive information such as usernames, password data, or other application records stored in the database.

## Payload

```
admin'and/**/extractvalue(1,concat(char(126),md5(1049915738)))and'
```

## Source Download

```
[Assessment Management In PHP With Source Code - Source Code & Projects](https://code-projects.org/assessment-management-in-php-with-source-code/)
```
Source: ⚠️ https://github.com/zzzxc643/CVE1/blob/main/assessment/vul1.md
User: SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (UID 97200)
Submission: 03.06.2026 07:04 (1 month ago)
Moderation: 03.07.2026 20:47 (1 month later)
Status: Duplicate
VulDB entry: 338583 [code-projects Assessment Management 1.0 login.php userid SQL injection]
Points: 0
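
A triage check for the payload shape quoted in the description above, added here as an example and not code from the submission or from VulDB: it normalizes a submitted userid or password value and reports which injection traits it carries. The event tuples, the function names and the `updatexml` pattern are assumptions of this example.

```python
import re
from urllib.parse import unquote_plus

# MySQL XML functions abused to leak data through error text. extractvalue is
# the one in the payload above; updatexml is an added, closely related case.
ERROR_FUNCS = re.compile(r"\b(extractvalue|updatexml)\s*\(")
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # /**/ standing in for a space
QUOTE_BREAK = re.compile(r"'\s*(and|or)\b")       # ' closing the string, then AND/OR


def findings(value):
    """Return the reasons a submitted field value looks like this injection."""
    decoded = unquote_plus(unquote_plus(value))    # tolerate double URL encoding
    text = INLINE_COMMENT.sub(" ", decoded).lower()
    hits = []
    if QUOTE_BREAK.search(text):
        hits.append("quote-breakout")
    if INLINE_COMMENT.search(decoded):
        hits.append("comment-as-whitespace")
    if ERROR_FUNCS.search(text):
        hits.append("error-based-function")
    return hits


def scan(events):
    """events: (source, field, value) tuples; return only the flagged ones."""
    flagged = []
    for source, field, value in events:
        hits = findings(value)
        if hits:
            flagged.append((source, field, hits))
    return flagged


# Constructed sample events (documentation IP ranges), not real traffic.
PAGE_PAYLOAD = "admin'and/**/extractvalue(1,concat(char(126),md5(1049915738)))and'"
SAMPLE_EVENTS = [
    ("192.0.2.10", "userid", "admin"),
    ("203.0.113.5", "userid", "O'Andrews"),        # benign apostrophe
    ("198.51.100.7", "userid", PAGE_PAYLOAD),
    ("198.51.100.7", "password",                   # same payload, URL-encoded, upper case
     "admin%27AND%2F**%2FEXTRACTVALUE(1,concat(char(126),md5(1049915738)))and%27"),
]

if __name__ == "__main__":
    for source, field, hits in scan(SAMPLE_EVENTS):
        print(f"{source} {field}: {', '.join(hits)}")
```

A hit is an alerting signal only, and a lone `quote-breakout` is low confidence; the fix the description points to remains parameterized statements in login.php.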
