| Title | SourceCodester Simple E-learning System 1.0 SQL Injection |
|---|
| Description | A SQL injection vulnerability exists in Simple E-learning System version 1.0. The vulnerability occurs in the user profile update component, where the firstName HTTP POST parameter is not properly sanitized. This allows an authenticated attacker to inject arbitrary SQL commands. |
|---|
| Source | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Simple-E-learning-System/SQLi-UserProfile-firstName.md |
|---|
| User | 563742137abc (UID 95813) |
|---|
| Submission | 03/08/2026 15:47 (1 month ago) |
|---|
| Moderation | 03/22/2026 09:48 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 352411 [SourceCodester Simple E-learning System 1.0 User Profile Update firstName sql injection] |
|---|
| Points | 18 |
|---|