code-projects Student Management System
cpe:2.3:a:code-projects:student_management_system:*:*:*:*:*:*:*
- 1.0
A critical SQL injection vulnerability has been identified in Code-Projects Student Management System version 1.0. The issue resides in the 'showSubject1' function within '/config/DbFunction.php', where the 'sid' parameter is used in a database query without validation, allowing SQL injection. This vulnerability can be exploited remotely, and other parameters may also be affected.
Exploitation of this vulnerability allows for SQL injection, with the potential for remote code execution.
To reproduce this vulnerability, send a request to the 'showSubject1' function in '/config/DbFunction.php' with a crafted 'sid' parameter that includes SQL injection payloads. The lack of input validation or sanitization will allow the injected SQL code to be executed, manipulating the database query and potentially leading to unauthorized data access or modification.
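The pattern the advisory describes (an untrusted request parameter interpolated into a query text) and the corresponding fix (type validation plus a bound parameter) are shown below as an added illustration. This is not code from the Code-Projects Student Management System; only the function name showSubject1 and the parameter name sid come from the advisory, while the table name subjects, its columns, the use of PDO, and the connection details are assumptions made for this example.

```php
<?php
// Added example, not the project's own code. showSubject1 and sid are the names
// given in the advisory; the table 'subjects', its columns, and the PDO layer
// are assumptions for illustration.

// Vulnerable pattern (the defect class the advisory reports): the raw request
// value becomes part of the SQL text, so the database parses whatever the
// client sent as query syntax rather than as a value.
function showSubject1_vulnerable(PDO $pdo, string $sid): ?array
{
    $sql = "SELECT sid, name, teacher FROM subjects WHERE sid = '$sid'"; // no validation, no binding
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened pattern: validate the type, then bind the value as a parameter so it
// can never change the structure of the statement.
function showSubject1_safe(PDO $pdo, $sid): ?array
{
    // 'sid' is a record identifier, so accept only a non-negative integer.
    $id = filter_var($sid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        // Reject (and, in a real deployment, log) the request; never fall back
        // to the raw string.
        return null;
    }

    $stmt = $pdo->prepare('SELECT sid, name, teacher FROM subjects WHERE sid = :sid');
    $stmt->bindValue(':sid', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage with an assumed DSN and credentials:
// $pdo = new PDO('mysql:host=localhost;dbname=student_db', 'db_user', 'db_pass', [
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
// ]);
// $subject = showSubject1_safe($pdo, $_GET['sid'] ?? '');
```

The validation step alone is not the fix: binding the value as a parameter is what guarantees the query structure cannot change, and the integer check simply rejects malformed input early and gives a clean point at which to log it. Disabling emulated prepares ensures the MySQL server, not the PHP driver, performs the parameter substitution.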