Campcodes Society Membership Information System SQL Injection Vulnerability in check_student.php
Vulnerability
A SQL injection vulnerability has been identified in Campcodes Society Membership Information System version 1.0. The issue arises in the file check_student.php, where the student_id parameter can be manipulated to execute arbitrary SQL commands. This vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a POST request to the check_student.php file with the student_id parameter. Include a crafted SQL payload that exploits the application's SQL query handling. The injection can be verified by observing the application's response or by using a payload that, for example, introduces a delay.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.