| Title | code-projects Student Membership System 1.0 SQL Injection |
|---|
| Description | In the user registration feature, user-submitted $_POST data is directly concatenated into SQL queries without any filtering or parameterization. An attacker could execute arbitrary SQL commands by crafting malicious input, potentially leading to data leaks, data tampering, or complete control over the database.
Impact: An attacker can execute arbitrary SQL commands, including deleting tables, reading sensitive data, modifying data, and gaining a database shell, thereby gaining complete control over the database. |
|---|
| Source | ⚠️ https://github.com/maidangdang1/CVE/issues/1 |
|---|
| User | nomath (UID 96446) |
|---|
| Submission | 03/15/2026 10:25 (16 days ago) |
|---|
| Moderation | 03/31/2026 00:24 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 354293 [code-projects Student Membership System 1.0 User Registration sql injection] |
|---|
| Points | 20 |
|---|