SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
[Additional Information]
https://github.com/lahirudanushka/School-Management-System---PHP-MySQL
[Vulnerability Type]
SQL Injection
[Vendor of Product]
https://github.com/lahirudanushka/School-Management-System---PHP-MySQL
#[Affected Product Code Base]
https://github.com/lahirudanushka/School-Management-System---PHP-MySQL - Version 1
[Affected Component]
http://localhost/login.php http://127.0.0.1/login.php
[Attack Type]
Remote
[Impact Escalation of Privileges]
true
[Attack Vectors]
Boolean Injection to Bypass Authentication:
' or '1'='1' # ,
' or 1=1;#
Effected Parameter (POST):
email, password