Submit #855010: SourceCodester Online Book Store System 1.0 SQL Injection
| Title | SourceCodester Online Book Store System 1.0 SQL Injection |
|---|---|
| Description | The Online Book Store System v1.0 is vulnerable to SQL Injection in the administrative authentication functionality. The application fails to properly sanitize user-supplied input before incorporating it into backend SQL queries. An attacker can exploit this issue by supplying a crafted SQL payload in the username parameter during the login process. Using the payload: ' OR 1=1-- - and any arbitrary password, authentication can be bypassed successfully, resulting in unauthorized access to the administrative dashboard. Successful exploitation allows a remote unauthenticated attacker to obtain administrator-level access, potentially leading to complete compromise of application data, user information, administrative functions, and system integrity. Affected Component: Admin Login Page (admin/login.php) Vulnerability Type: SQL Injection (Authentication Bypass) Impact: * Administrative account takeover * Unauthorized access to sensitive data * Data manipulation and deletion * Full compromise of administrative functionality Vendor notified: Pending |
| Source | ⚠️ https:/ |
| User | Gaurav kumar (UID 98267) |
| Submission | 06/10/2026 11:52 (1 month ago) |
| Moderation | 07/12/2026 20:00 (1 month later) |
| Status | Accepted |
| VulDB entry | 377887 [SourceCodester Online Book Store System 1.0 admin/login.php Username sql injection] |
| Points | 20 |