| Title | jkev Personnel Record Management System V1.0 SQL Injection |
|---|
| Description | The system fails to sanitize or filter user input during authentication, data querying, and data entry processes, resulting in multiple SQL injection vulnerabilities. Attackers can exploit these flaws to bypass authentication, take over arbitrary accounts, steal plaintext passwords, and gain unauthorized access to the administrator dashboard. Once inside, they can view and modify any stored information, leading to severe sensitive data disclosure and system compromise.
|
|---|
| Source | ⚠️ https://github.com/whatyourname12345/CVE/blob/main/PRMS/cve_SQL.md |
|---|
| User | chenkh (UID 96588) |
|---|
| Submission | 03/20/2026 02:59 (19 days ago) |
|---|
| Moderation | 04/04/2026 16:45 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 355345 [SourceCodester/jkev Record Management System 1.0 Login index.php Username sql injection] |
|---|
| Points | 20 |
|---|