SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.

[Additional Information]

https://github.com/lahirudanushka/School-Management-System---PHP-MySQL

[Vulnerability Type]

SQL Injection

[Vendor of Product]

https://github.com/lahirudanushka/School-Management-System---PHP-MySQL

#[Affected Product Code Base]

https://github.com/lahirudanushka/School-Management-System---PHP-MySQL - Version 1

[Affected Component]

http://localhost/login.php http://127.0.0.1/login.php

[Attack Type]

Remote

[Impact Escalation of Privileges]

true

[Attack Vectors]

Boolean Injection to Bypass Authentication:

' or '1'='1' # ,
 ' or 1=1;#

Effected Parameter (POST):

email, password

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

POC.md

POC.md

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.

[Additional Information]

[Vulnerability Type]

[Vendor of Product]

[Affected Component]

[Attack Type]

[Impact Escalation of Privileges]

[Attack Vectors]

Effected Parameter (POST):

[Discoverer]

Soummya Mukhopadhyay @G37SYS73M

Files

POC.md

Latest commit

History

POC.md

File metadata and controls

SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.

[Additional Information]

[Vulnerability Type]

[Vendor of Product]

[Affected Component]

[Attack Type]

[Impact Escalation of Privileges]

[Attack Vectors]

Effected Parameter (POST):

[Discoverer]

Soummya Mukhopadhyay @G37SYS73M