| Title | sourcecodester Survey Application System 1.0 SQL Injection |
|---|
| Description | The application constructs SQL by concatenating user-supplied POST values into the $data string then interpolates that into an UPDATE statement. Identifiers and values are not parameterized. Escaping (escapeString()) is used in places but interpolation remains. This allows an attacker to alter SQL logic by injecting SQL syntax into fullname (or any POST field concatenated into $data). |
|---|
| Source | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Survey%20Application%20System.md |
|---|
| User | lakshay12311 (UID 91298) |
|---|
| Submission | 10/24/2025 13:54 (8 months ago) |
|---|
| Moderation | 11/09/2025 14:02 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 331649 [SourceCodester Survey Application System 1.0 /LoginRegistration.php save_user/update_user fullname sql injection] |
|---|
| Points | 20 |
|---|