| Title | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 SQL Injection |
|---|
| Description | The Online College Event Hall Reservation System is vulnerable to SQL Injection through its /admin/bookdate.php endpoint due to improper sanitization of the room_id parameter. This vulnerability allows attackers to execute arbitrary SQL queries, potentially accessing or manipulating sensitive database information. The proof of concept demonstrates an injection that retrieves the database version, underscoring the necessity for strict input validation and the use of prepared statements to enhance application security. |
|---|
| Source | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20bookdate.php.md |
|---|
| User | nochizplz (UID 64302) |
|---|
| Submission | 03/06/2024 16:41 (2 years ago) |
|---|
| Moderation | 03/15/2024 17:29 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 256957 [MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/bookdate.php room_id sql injection] |
|---|
| Points | 20 |
|---|