ProjectsAndPrograms School Management System SQL Injection Vulnerability in select-students.php

Vulnerability

A SQL injection vulnerability has been identified in ProjectsAndPrograms School Management System version 1.0. The issue is in the file owner_panel/fetch-data/select-students.php, where the 'select' argument can be manipulated, and it is remotely exploitable. The vulnerability stems from inadequate validation of user input, which lets attackers inject malicious SQL queries that could bypass authentication, access or alter sensitive database information, and execute database management tasks.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries. This could lead to unauthorized data access, data modification, or execution of administrative database operations.

Reproduction

The vulnerability can be reproduced by sending a request to owner_panel/fetch-data/select-students.php with a crafted 'select' argument that includes malicious SQL code. This input is not properly sanitized, allowing the injected SQL to be executed by the database.
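
One way to handle the 'select' argument safely, shown as an added example that is not the project's code: the value is checked against a strict format and then bound as a query parameter instead of being concatenated into the SQL text. The students table, its columns, the meaning of 'select' as a class identifier, and the in-memory SQLite database (needs the pdo_sqlite extension, PHP 8) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. Table and column names, and the
// reading of `select` as a class identifier, are assumptions. An in-memory
// SQLite database stands in for the application's real database.

function open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, class TEXT)');
    // Constructed sample rows.
    $pdo->exec("INSERT INTO students (name, class) VALUES ('Asha','10a'),('Ben','10a'),('Chen','11b')");
    return $pdo;
}

// Pattern that leads to injection (shown for contrast only, never executed):
//   $sql = "SELECT id, name FROM students WHERE class = '" . $_POST['select'] . "'";

function select_students(PDO $pdo, mixed $select): array {
    // 1. Validate type and shape: a short string of letters and digits only.
    //    Arrays (select[]=...) and values with quotes or spaces are rejected.
    if (!is_string($select) || preg_match('/\A[A-Za-z0-9]{1,16}\z/', $select) !== 1) {
        throw new InvalidArgumentException('invalid select value');
    }
    // 2. Bind the value as a parameter; the SQL text itself is a constant.
    $stmt = $pdo->prepare('SELECT id, name FROM students WHERE class = :class ORDER BY id');
    $stmt->execute([':class' => $select]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = open_demo_db();
// Constructed inputs: a valid value, a value containing a quote, a non-string.
$inputs = ['10a', "10a'x", ['10a']];
foreach ($inputs as $in) {
    try {
        $rows = select_students($pdo, $in);
        echo json_encode($in), ' -> ', count($rows), " row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo json_encode($in), " -> rejected\n";
    }
}
```

The bound parameter alone prevents the input from changing the query structure; the format check is a second layer that also turns malformed requests into an explicit rejection that can be logged.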

Added: Sep 27, 2025, 11:17 AM
Updated: Sep 27, 2025, 11:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.