| Title | sourcecodester Survey Application System 1.0 SQL Injection |
|---|
| Description | view_survey.php directly interpolates $_GET['id'] into an SQL statement without validation or prepared statements. An attacker controlling the id parameter can inject SQL that does not return visible differences but creates measurable delays on the database server. This enables time-based blind SQL injection. The vulnerability is exploitable remotely and without authentication. |
|---|
| Source | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Survey%20Application%20System%202%20.md |
|---|
| User | lakshay12311 (UID 91298) |
|---|
| Submission | 10/26/2025 10:48 (6 months ago) |
|---|
| Moderation | 11/12/2025 13:43 (17 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 332187 [SourceCodester Survey Application System 1.0 /view_survey.php ID sql injection] |
|---|
| Points | 20 |
|---|