提交 #733344: PHPGurukul Online Course Registration System ≤ 3.1 SQL Injection信息

标题PHPGurukul Online Course Registration System ≤ 3.1 SQL Injection
描述A critical SQL Injection vulnerability was discovered in PHPGurukul Online Course Registration System v3.1. The vulnerability exists in the file /enroll.php, where multiple POST parameters (studentregno, Pincode, session, department, level, course, sem) are directly concatenated into an INSERT SQL query without any input validation or sanitization. An authenticated attacker can inject malicious SQL commands to extract sensitive data or compromise the database.
来源⚠️ https://note-hxlab.wetolink.com/share/qX132pk8Wofk
用户
 angelkate (UID 94159)
提交2026-01-07 07時21分 (5 月前)
管理2026-01-09 10時42分 (2 days later)
状态已接受
VulDB条目340255 [PHPGurukul Online Course Registration System 直到 3.1 /enroll.php SQL注入]
积分20

上一步一览下一步

Interested in the pricing of exploits?

See the underground prices here!