Gửi #749255: code-projects Online Examination System in PHP unknown sqlthông tin

tiêu đềcode-projects Online Examination System in PHP unknown sql
Mô tảMultiple scripts within the "Online Examination System in PHP" perform SQL queries by directly concatenating unsanitized user input into SQL statements (notably in `login.php`, `login_admin.php`, `add_user.php`, and `addmembers.php`). User-supplied fields such as `username`, `password`, and other form parameters are used verbatim in queries like `SELECT ... WHERE username='$username' AND password='$password'` and direct INSERT statements, allowing an attacker to inject SQL payloads. Successful exploitation can result in authentication bypass, disclosure of sensitive data (including user passwords stored in plaintext), modification or deletion of database records, and full database compromise depending on the database privileges. The vulnerability is present in both authentication and data-entry routes (login forms and user/member creation endpoints).
Người dùng
 imcoming (UID 95032)
Đệ trình30/01/2026 11:09 (cách đây 3 các tháng)
Kiểm duyệt07/02/2026 15:54 (8 days later)
Trạng tháiđược chấp nhận
Mục VulDB344874 [code-projects Online Examination System 1.0 login.php username/password Tiêm SQL]
điểm17

TrướcTổng QuanTiếp theo

Do you want to use VulDB in your project?

Use the official API to access entries easily!