Needyamin Library Card System SQL Injection Vulnerability in Login Component
Vulnerability
A critical SQL injection vulnerability has been identified in Needyamin Library Card System version 1.0. The issue arises in the admin.php file within the Login component, where the application fails to properly sanitize the email and password input, allowing for malicious SQL code to be executed. This vulnerability can be exploited remotely, potentially leading to unauthorized access and manipulation of the application's database.
Impact
Exploitation of this vulnerability allows for SQL injection, which could be used to bypass authentication, access or modify database information, and in some cases, execute administrative functions within the application.
Reproduction
To reproduce this vulnerability, navigate to the admin.php login page of the application. Once there, input a crafted SQL injection payload in the email or password fields. A simple payload could be ' or 1=1 -- -', which exploits the application's lack of SQL injection protection. If successful, the injection may bypass authentication and grant access to the admin dashboard.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.