| Title | Code-Projects Student File Management System V1.0 SQL Injection Vulnerability |
|---|
| Description | An SQL injection vulnerability was discovered in the "StudentFileManagementSystem_PHP/SFMS/download.php" file. The reason for this issue is that the attacker can inject malicious code into the parameter "istore_id" when the user logs in. The application failed to properly clean or validate the input during the SQL query, allowing the attacker to control the SQL query and perform unauthorized operations. |
|---|
| Source | ⚠️ https://github.com/Bai-public/CVE/issues/4 |
|---|
| User | Mountain Ghost (UID 92943) |
|---|
| Submission | 12/26/2025 08:15 (4 months ago) |
|---|
| Moderation | 12/28/2025 11:23 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 338592 [code-projects Student File Management System 1.0 /download.php istore_id sql injection] |
|---|
| Points | 20 |
|---|