| Title | SourceCodester Simple Student Attendance System using PHP and MySQL 1.0 Cross Site Scripting |
|---|---|
| Description | The vulnerability exists in the student_form.php file at line 6, where the id parameter is accepted without proper sanitization and validation. This id parameter is subsequently passed to the get_student() function located in actions.class.php at line 127. Due to insufficient input validation, this allows for SQL Injection attacks that indeed lead to XSS in the student_form.php file at line 22. |
| Source | https://docs.google.com/document/d/1tl9-EAxUR64Og9zS-nyUx3YtG1V32Monkvq-h39tjpw/edit?usp=sharing |
| User | R0ck3t (UID 70759) |
| Submission | 06/18/2024 20:16 (2 years ago) |
| Moderation | 06/20/2024 19:26 (2 days later) |
| Status | Accepted |
| VulDB entry | 269276 [SourceCodester Simple Student Attendance System 1.0 student_form.php get_student ID cross site scripting] |
| Points | 20 |