Gửi #844846: CodeAstro Student Attendance Management System v1 SQL Injectionthông tin

tiêu đềCodeAstro Student Attendance Management System v1 SQL Injection
Mô tảA SQL injection vulnerability exists in CodeAstro Student Attendance Management System v1.0 in the /attendance-php/Admin/createSessionTerm.php file. The application does not properly validate, sanitize, or parameterize the sessionName POST parameter before using it in SQL queries. An attacker can supply crafted input through the sessionName parameter and alter the intended SQL query logic. This may allow unauthorized database access, disclosure of sensitive data, data modification, or service disruption, depending on the privileges assigned to the database user.
Nguồn⚠️ https://github.com/freddymuch/Vul/issues/2
Người dùng
 freddymuch (UID 98644)
Đệ trình01/06/2026 13:59 (cách đây 1 tháng)
Kiểm duyệt03/07/2026 18:45 (1 month later)
Trạng tháiBản sao
Mục VulDB319151 [Student Attendance Management System 1.0 createSessionTerm.php sessionName Tiêm SQL]
điểm0

Want to stay up to date on a daily basis?

Enable the mail alert feature now!