Submit #648520: SourceCodester Online Student File Management System 1.0 SQL Injection

Title: SourceCodester Online Student File Management System 1.0 SQL Injection
Description: During the security review of the "Online Student File Management System", I discovered a critical SQL injection vulnerability within the file inclusion chain /index.php → login.php → login_query.php. When a user accesses index.php, it includes login.php to display the login form, and login.php in turn includes login_query.php to handle the login logic. In line 7 of login_query.php, the stud_no parameter is concatenated directly into the SQL query "SELECT * FROM student WHERE stud_no = '$stud_no' && password = '$password'" with neither input validation nor a parameterized query. This insecure coding practice allows an attacker to inject SQL through the stud_no parameter and potentially gain unauthorized database access, modify or delete data, and read sensitive information. Immediate remediation is required to ensure system security and protect data integrity.
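As an added example, not code from the submission or from the project itself, the lookup in login_query.php could be rewritten with a mysqli prepared statement so that stud_no and password are bound as parameters rather than concatenated into the query text. Only the table and column names come from the quoted query; the db_connect.php include, the $conn variable, the mysqli driver with mysqlnd (for get_result), the POST form fields and the stud_no format check are assumptions.

```php
<?php
// Added example (not the project's code): hardened replacement for the
// login lookup in login_query.php. Assumes a mysqli connection in $conn
// provided by a hypothetical db_connect.php; table/column names are taken
// from the query quoted in the submission.
require_once 'db_connect.php'; // hypothetical include that sets $conn (mysqli)

// Vulnerable pattern described above (string interpolation; shown for contrast):
//   "SELECT * FROM student WHERE stud_no = '$stud_no' && password = '$password'"
// Any quote character in $stud_no becomes part of the SQL statement itself.

function find_student(mysqli $conn, string $stud_no, string $password): ?array
{
    // Defence in depth: reject identifiers that do not look like a student
    // number before they reach the database. The pattern is an assumption;
    // adjust it to the real stud_no format used by the application.
    if (!preg_match('/^[A-Za-z0-9-]{1,20}$/', $stud_no)) {
        return null;
    }

    // Parameterized query: both values are bound, never concatenated, so their
    // content can only ever be compared as data and cannot alter the statement.
    $sql  = 'SELECT * FROM student WHERE stud_no = ? AND password = ? LIMIT 1';
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }
    $stmt->bind_param('ss', $stud_no, $password);
    $stmt->execute();

    // get_result() requires the mysqlnd driver (assumption); use bind_result()
    // on builds without it.
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // Do not echo the stored credential back to the caller.
    if ($row !== null) {
        unset($row['password']);
    }
    return $row ?: null;
}

// Assumes the login form posts these two fields.
$stud_no  = (string)($_POST['stud_no'] ?? '');
$password = (string)($_POST['password'] ?? '');

$student = find_student($conn, $stud_no, $password);
if ($student === null) {
    // Same generic message for unknown user and wrong password, so the
    // response does not reveal which part of the credential was valid.
    http_response_code(401);
    echo 'Invalid student number or password.';
    exit;
}

session_start();
session_regenerate_id(true); // fresh session id on privilege change
$_SESSION['stud_no'] = $student['stud_no'];
```

If the password column holds hashes rather than plaintext, drop the password comparison from the SQL, fetch the row by stud_no only, and check the submitted password in PHP with password_verify(); the binding of stud_no stays the same either way.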
Source: https://github.com/ganzhi-qcy/cve/issues/25
User: quchunyi1 (UID 86520)
Submission: 09/05/2025 10:02 (9 months ago)
Moderation: 09/15/2025 16:01 (10 days later)
Status: Accepted
VulDB entry: 323914 [SourceCodester Online Student File Management System 1.0 /index.php stud_no sql injection]
Points: 20
