| Title | PHPGurukul Students Record Management Project in PHP V 3.20 SQL Injection |
|---|
| Description | A critical SQL injection vulnerability has been identified in version 3.20 of the Students Record Management Project in PHP.
This vulnerability resides in the login functionality of the login.php file.
Due to insufficient input validation and lack of proper sanitization, an attacker can exploit the id parameter to inject malicious SQL commands.
Successful exploitation may allow an attacker to bypass authentication or extract sensitive information from the database.
This vulnerability poses a significant security risk as it can be exploited without prior authentication.
Immediate remediation is strongly recommended to protect the system from potential attacks. |
|---|
| Source | ⚠️ https://github.com/y7syeu/CVE/issues/1 |
|---|
| User | Huoma (UID 85596) |
|---|
| Submission | 05/22/2025 10:55 (1 Year ago) |
|---|
| Moderation | 05/26/2025 15:35 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 310312 [PHPGurukul Student Record System 3.20 /login.php ID sql injection] |
|---|
| Points | 20 |
|---|