| Title | code-projects Student Result Manager 1.0 SQL Injection |
|---|---|
| Description | A SQL Injection vulnerability (CWE-89) exists in Student Result Manager, where SQL statements are built via unsafe string concatenation using untrusted input (roll, name, gpa) and executed with Statement.execute(...). An attacker who can supply specially crafted values (for example setting the roll parameter to ' || (SELECT version()) || ') can alter query logic to read, modify, or delete database contents, execute arbitrary SQL, and potentially escalate to full database compromise depending on database privileges. |
| Source | https://github.com/lakshayyverma/CVE-Discovery/blob/main/Student%20Result%20Manager.md |
| User | lakshay12311 (UID 91298) |
| Submission | 10/07/2025 08:47 (8 months ago) |
| Moderation | 10/09/2025 13:16 (2 days later) |
| Status | Accepted |
| VulDB entry | 327710 [code-projects Student Result Manager 1.0 Database.java roll/name/gpa sql injection] |
| Points | 20 |