| Title | School-Management-System---PHP-MySQL 1.0.1 Authorization Bypass Through User-Controlled SQL Primary Key |
|---|
| Description | An sqlinjection has been discovered within version 1.0.1 of https://github.com/lahirudanushka/School-Management-System---PHP-MySQL within the login page. This issue let’s unauthenticated users to access the admin panel due the lack of input sanitization.
vendor github: https://github.com/lahirudanushka/School-Management-System---PHP-MySQL
|
|---|
| Source | ⚠️ https://powerful-bulb-c36.notion.site/SQL-injection-to-authorization-bypass-af95fa2c72b84b4297e3d61c17cd7cdb?pvs=4 |
|---|
| User | louay khammassi (UID 67114) |
|---|
| Submission | 06/22/2024 14:16 (2 years ago) |
|---|
| Moderation | 06/22/2024 17:44 (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 269480 [lahirudanushka School Management System 1.0.0/1.0.1 Login Page login.php email sql injection] |
|---|
| Points | 15 |
|---|