Student Record System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the Student Record System using PHP and MySQL, version 3.20. The issue arises in the add-course.php file, where user-supplied variables are directly inserted into an SQL query without proper sanitization. This flaw allows remote attackers to inject malicious SQL payloads, potentially leading to unauthorized access or manipulation of sensitive database information.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to interfere with the application's database queries. This could result in unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, log into the application as an admin and navigate to the 'Add Course' section. Enter a course short name, full name, and date. Include a crafted payload in one or more of these fields to exploit the SQL injection vulnerability. Once the form is submitted, the injected SQL code will be executed by the database, demonstrating the vulnerability.

Remediation

The vulnerability can be remediated by using parameterized queries. Instead of directly concatenating user input into SQL statements, the application should use prepared statements to bind parameters. This approach ensures that user input is treated as data rather than executable code, effectively preventing SQL injection attacks.
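The remediation above, sketched as an added example; it is not code from the Student Record System. The page does not show add-course.php, so the `course` table, its columns and the `addCourse` function are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: table, column and function names are assumptions.
// Against MySQL, use a mysql: DSN and set PDO::ATTR_EMULATE_PREPARES to false
// so the server, not the client library, performs the parameter binding.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE course (
    id INTEGER PRIMARY KEY,
    short_name TEXT NOT NULL,
    full_name TEXT NOT NULL,
    created_on TEXT NOT NULL
)');

// Pattern the advisory describes (shown as a comment only, never executed):
//   $sql = "INSERT INTO course (short_name, full_name, created_on)
//           VALUES ('$short', '$full', '$date')";

function addCourse(PDO $db, string $short, string $full, string $date): int
{
    // Validation is defence in depth; the bound parameters are the actual fix.
    $short = trim($short);
    $full = trim($full);
    if ($short === '' || strlen($short) > 32 || $full === '' || strlen($full) > 255) {
        throw new InvalidArgumentException('Course name is empty or too long');
    }
    $parsed = DateTimeImmutable::createFromFormat('!Y-m-d', $date);
    if ($parsed === false || $parsed->format('Y-m-d') !== $date) {
        throw new InvalidArgumentException('Date must be a real YYYY-MM-DD date');
    }

    // The SQL text is constant; the values travel separately as parameters.
    $stmt = $db->prepare(
        'INSERT INTO course (short_name, full_name, created_on) VALUES (:short, :full, :date)'
    );
    $stmt->execute([':short' => $short, ':full' => $full, ':date' => $date]);
    return (int) $db->lastInsertId();
}

// Constructed input: names containing a quote character are stored verbatim as data.
$id = addCourse($db, "CS'101", "Intro to O'Brien's Databases", '2025-06-25');
$check = $db->prepare('SELECT short_name, full_name FROM course WHERE id = :id');
$check->execute([':id' => $id]);
var_dump($check->fetch(PDO::FETCH_ASSOC));
```

The same binding has to be applied to every query that takes request input, not only the insert in the 'Add Course' form.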

Added: Jun 25, 2025, 3:24 PM
Updated: Jun 25, 2025, 3:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 2.5
exploitability: 9.5
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.