| Title | Yash Pokharna StudentManagementSystem 1.0 SQL Injection |
|---|
| Description | A SQL injection vulnerability exists in success.php that allows an attacker to bypass the login authentication. The script directly concatenates the unsanitized $_POST['user'] parameter into the SQL query. Although the password field is hashed with MD5, the lack of proper input handling (e.g., mysqli_real_escape_string or prepared statements) enables an attacker to inject SQL comments (#) to bypass the password verification and log in as any user, including the administrator. |
|---|
| Source | ⚠️ https://github.com/yashpokharna2555/StudentManagementSystem/issues/2 |
|---|
| User | frljiang123 (UID 96712) |
|---|
| Submission | 04/27/2026 10:38 (3 months ago) |
|---|
| Moderation | 05/24/2026 11:03 (27 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 365450 [yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203 /success.php User sql injection] |
|---|
| Points | 20 |
|---|