Submit #479251: Attendance Tracking Management System V1.0 SQL Injection

Title: Attendance Tracking Management System V1.0 SQL Injection
Description: A critical SQL injection vulnerability has been identified in the /admin/edit_action.php file of the Attendance Tracking Management System PHP & MySQL Project (V1.0). The issue arises from insufficient validation of the attendance_id parameter, allowing attackers to inject malicious SQL queries directly into database operations.
- Unauthorized Database Access: Attackers can retrieve sensitive data.
- Data Leakage: Exposure of confidential information.
- Data Tampering: Modification or deletion of records.
- System Control: Potential for full system compromise.
- Service Interruption: Disruption of normal operations through malicious queries.
- Unsanitized Input: The attendance_id parameter is incorporated directly into SQL queries without proper sanitization or validation.
- Direct Query Manipulation: Attackers can manipulate the attendance_id parameter to alter the structure and logic of SQL statements.
Source: https://github.com/lan041221/cve/blob/main/Attendance_Tracking_Management_System_SQL_Injection.md
User: l1nk (UID 76857)
Submission: 01/11/2025 13:09 (1 Year ago)
Moderation: 01/17/2025 07:40 (6 days later)
Status: Accepted
VulDB entry: 292420 [1000 Projects Attendance Tracking Management System 1.0 /admin/edit_action.php attendance_id sql injection]
Points: 20