| Title | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 SQL Injection |
|---|
| Description | The Online College Event Hall Reservation System is vulnerable to SQL Injection in its /admin/receipt.php script through the room_id parameter. This vulnerability allows attackers to execute arbitrary SQL commands, as demonstrated by the injection that retrieves the database version. This issue highlights the need for secure coding practices, including the use of parameterized queries or prepared statements, to prevent SQL Injection and protect the application's data integrity. |
|---|
| Source | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20receipt.php.md |
|---|
| User | nochizplz (UID 64302) |
|---|
| Submission | 03/06/2024 16:59 (2 years ago) |
|---|
| Moderation | 03/15/2024 17:29 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 256961 [MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/receipt.php room_id sql injection] |
|---|
| Points | 20 |
|---|