Submit #94812: Class and Exam Timetabling System v1.0 /admin/index3.php post parameter 'password' exists sql injection vulnerabilityinfo

TitleClass and Exam Timetabling System v1.0 /admin/index3.php post parameter 'password' exists sql injection vulnerability
DescriptionAn issue was discovered in Class and Exam Timetabling System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /admin/index3.php post parameter password. Payload1: username=ADMIN&password=a%27+OR+NOT+666%3D666%23&go=Log+In Payload2: username=ADMIN&password=a%27+OR+NOT+666%3D667%23&go=Log+In
Source⚠️ https://github.com/anquanclub/bug_report/blob/main/vendors/Cherylda%20Jardeliza%20Ohiman/Class%20and%20Exam%20Timetabling%20System/SQLi-1.md
User
 muhanyun (UID 41815)
Submission02/26/2023 05:16 (3 years ago)
Moderation02/26/2023 12:53 (8 hours later)
StatusAccepted
VulDB entry221797 [SourceCodester Class and Exam Timetabling System 1.0 POST Parameter /admin/index3.php Password sql injection]
Points18

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!