Submit #780399: code-projects Student Membership System 1.0 SQL Injectioninfo

Titlecode-projects Student Membership System 1.0 SQL Injection
DescriptionThe member deletion function directly concatenates $_POST['id'] into the SQL delete statement. An attacker could modify the ID parameter to delete any member record, or even execute other malicious operations via SQL injection. Impact: An attacker could delete all member data; by injecting a DROP TABLE command, they could delete the entire database table, resulting in permanent data loss.
Source⚠️ https://github.com/maidangdang1/CVE/issues/2
User
 nomath (UID 96446)
Submission03/15/2026 10:34 (4 months ago)
Moderation03/31/2026 00:24 (16 days later)
StatusAccepted
VulDB entry354294 [code-projects Student Membership System 1.0 /delete_member.php ID sql injection]
Points20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!