Digital Crime Report Management System SQL Injection Vulnerability Allowing Authentication Bypass

Vulnerability

A critical SQL injection vulnerability has been identified in Digital Crime Report Management System version 1.0. This vulnerability affects multiple login pages, including those for police, in-charge, user, and HQ logins. It allows unauthenticated attackers to bypass authentication by sending crafted SQL injection payloads in the email and password parameters.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling unauthorized access to the application.

Reproduction

The vulnerability can be reproduced by sending a POST request to one of the affected login endpoints (policelogin.php, inchargelogin.php, userlogin.php, or headlogin.php) with crafted SQL injection payloads in the email and password fields. This can be done using a tool like Burp Suite or through a custom script that automates the injection process.
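
Added example, not code from the application or its author: one way to write the credential check shared by the four login pages so that the email and password parameters cannot change the SQL statement. The table names, column names, the use of PDO and the stored password hash are assumptions, since the page does not show the application's schema or source; the demo data is constructed and uses an in-memory SQLite database so the block runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical mapping from login page to table; the real schema is not shown on the page.
const LOGIN_TABLES = [
    'policelogin.php'   => 'police',
    'inchargelogin.php' => 'incharge',
    'userlogin.php'     => 'users',
    'headlogin.php'     => 'headquarters',
];

function authenticate(PDO $pdo, string $page, string $email, string $password): ?int
{
    // Table names cannot be bound as parameters, so they come only from the fixed allow-list.
    $table = LOGIN_TABLES[$page] ?? null;
    if ($table === null || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return null;
    }

    // The email is bound as data; it never becomes part of the SQL text.
    $stmt = $pdo->prepare("SELECT id, password_hash FROM {$table} WHERE email = :email LIMIT 1");
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is compared in PHP against a stored hash, not inside the query.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed demo data (requires the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE police (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO police (email, password_hash) VALUES (?, ?)');
$ins->execute(['officer@example.test', password_hash('correct horse battery', PASSWORD_DEFAULT)]);

// Correct credentials: the account id is returned.
var_dump(authenticate($pdo, 'policelogin.php', 'officer@example.test', 'correct horse battery'));
// Wrong password: rejected.
var_dump(authenticate($pdo, 'policelogin.php', 'officer@example.test', 'wrong password'));
// An email containing a quote is bound as a literal value and matches no row.
var_dump(authenticate($pdo, 'policelogin.php', "o'neil@example.test", 'anything'));
// A page outside the allow-list never reaches the database.
var_dump(authenticate($pdo, 'unknown.php', 'officer@example.test', 'correct horse battery'));
```

Because the password is verified against a hash after the row is fetched, the password parameter never appears in a query at all, which removes it as an injection point rather than escaping it.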

Added: Jan 21, 2026, 6:30 PM
Updated: Jan 21, 2026, 6:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 8.7
remediation: 0.0
relevance: 2.3
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.