Student Attendance Management System
cpe:2.3:a:student_attendance_management_system_project:student_attendance_management_system:*:*:*:*:*:*:*
- v1
A SQL injection vulnerability has been identified in the Student Attendance Management System version 1. The issue resides in the 'index.php' file, where the 'username' parameter is not properly sanitized before being used in SQL queries. This lack of sanitization allows remote attackers to manipulate database queries, potentially leading to arbitrary code execution or unauthorized disclosure of sensitive information.
Exploitation lets an attacker execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation. According to the vulnerability's discoverer, it could also allow arbitrary code execution.
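The flaw class described above, shown beside its fix, as an added example that is not code from the Student Attendance Management System: the `users` table, its columns, the function names and the sample account are all assumptions made for illustration. It uses an in-memory SQLite database through PDO so it runs offline.

```php
<?php
// Added illustration. Schema, names and data are constructed assumptions,
// not taken from the affected project's index.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
    ->execute(['teacher1', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Vulnerable pattern: the parameter becomes part of the SQL text itself,
// so any quote character in it changes the structure of the statement.
function findUserUnsafe(PDO $pdo, string $username)
{
    $sql = "SELECT id, password_hash FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// Hardened pattern: the statement is fixed at prepare time and the
// parameter is bound as a value, never parsed as SQL.
function findUserSafe(PDO $pdo, string $username)
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Login check built on the bound query; the password is verified in PHP
// against a stored hash rather than compared inside the SQL statement.
function login(PDO $pdo, string $username, string $password): bool
{
    $row = findUserSafe($pdo, $username);
    return $row !== false && password_verify($password, $row['password_hash']);
}

// Constructed input containing a quote: harmless as data, but in the unsafe
// version it ends the string literal early and the rest is parsed as SQL.
$input = "o'brien";
try {
    findUserUnsafe($pdo, $input);
    echo "unsafe: query ran\n";
} catch (PDOException $e) {
    echo "unsafe: input altered the statement (" . $e->getMessage() . ")\n";
}
echo 'safe lookup found a row: ', var_export(findUserSafe($pdo, $input) !== false, true), "\n";
echo 'valid login: ', var_export(login($pdo, 'teacher1', 'constructed-sample-pw'), true), "\n";
echo 'quote-bearing login: ', var_export(login($pdo, $input, 'anything'), true), "\n";
```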