School Management System SQL Injection Vulnerability in Admin Login

Vulnerability

A SQL injection vulnerability has been identified in the School Management System CMS version 1.0, specifically within the admin login feature. This vulnerability allows attackers to bypass authentication by injecting SQL code through the username parameter. Exploitation involves using boolean-based blind SQL injection techniques on the processlogin endpoint to gain unauthorized access as an administrator.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling attackers to log in as administrators without valid credentials.

Reproduction

To reproduce this vulnerability, send a POST request to the processlogin endpoint with the username parameter injected with malicious SQL payloads that exploit boolean-based blind SQL injection. The injection can be crafted to manipulate the SQL query processing, bypassing authentication checks.
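The root cause and its fix, shown as an added example that is not the application's own code (the advisory does not show it): a login lookup that concatenates the username into the SQL text, beside the same lookup with a bound parameter. The `admins` schema, function names and sample password are assumptions constructed for illustration, and SQLite stands in for the application's database.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Hypothetical schema: the advisory does not describe the real tables.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO admins VALUES (?, ?, ?)",
               ("admin", salt, hash_password("constructed-sample-pw", salt)))
    return db

def _check(row, password):
    if row is None:
        return False
    salt, pw_hash = row
    # Constant-time comparison of the derived hash.
    return hmac.compare_digest(hash_password(password, salt), pw_hash)

def login_concatenated(db, username, password):
    """Weak pattern: the username becomes part of the SQL text and is parsed as SQL."""
    sql = "SELECT salt, pw_hash FROM admins WHERE username = '" + username + "'"
    return _check(db.execute(sql).fetchone(), password)

def login_parameterized(db, username, password):
    """Hardened: the username is bound as a value and never reaches the SQL parser."""
    sql = "SELECT salt, pw_hash FROM admins WHERE username = ?"
    return _check(db.execute(sql, (username,)).fetchone(), password)

def input_alters_statement(db, username):
    """True when the concatenated form lets the input change how the statement parses."""
    try:
        login_concatenated(db, username, "x")
        return False
    except sqlite3.OperationalError:
        return True
```

A username containing a single quote (constructed sample: `o'brien`) makes the concatenated statement fail to parse, which shows the input is being treated as SQL; the parameterized form simply finds no such user.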

Added: Mar 26, 2026, 12:33 PM
Updated: Mar 26, 2026, 12:33 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.0
remediation: 0.0
relevance: 4.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.