Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Code-Projects Question Paper Generator SQL Injection Vulnerability in Signup Script
Vulnerability
A SQL injection vulnerability has been identified in Code-Projects Question Paper Generator version 1.0. The issue arises in the signupscript.php file, specifically within the POST parameter handler. The vulnerability allows remote attackers to manipulate the 'Fname' POST parameter, leading to unauthorized database access and potential data leakage, alteration, or deletion. Exploitation could also result in a full system compromise or a denial-of-service condition.
Impact
Exploitation of this vulnerability allows for SQL injection, which could lead to unauthorized database access, data manipulation, and in some cases, a full system compromise.
Reproduction
To reproduce this vulnerability, send a POST request to 'signupscript.php' with the 'Fname' parameter. The request can include a crafted payload that exploits the SQL injection vulnerability, such as one that uses MySQL's error-based or time-based blind injection techniques. This can be done manually or with automated tools like sqlmap.
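For remediation, the sketch below shows a signup handler that binds 'Fname' through a prepared statement instead of building the query from the raw POST value. It is an added example, not code from Code-Projects Question Paper Generator: the table and column names, the 'email' and 'password' field names, and the database credentials are assumptions, since the page shows none of the application's code.

```php
<?php
// Added example: hardened handling of the signup POST fields.
// ASSUMPTIONS (not from the advisory): table `users`, its columns, the
// 'email' and 'password' field names, and the DB credentials below.
declare(strict_types=1);

// Raise exceptions on DB errors so MySQL error text is never echoed to the
// client; error-based injection depends on seeing that text.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function read_field(string $name, int $maxLen): ?string
{
    $value = $_POST[$name] ?? null;
    if (!is_string($value)) {            // rejects arrays such as Fname[]=x
        return null;
    }
    if (trim($value) === '' || strlen($value) > $maxLen) {
        return null;
    }
    return $value;
}

$fname    = read_field('Fname', 64);
$email    = read_field('email', 254);
$password = read_field('password', 128);

if ($fname === null || $email === null || $password === null
    || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('Invalid signup data.');
}

try {
    $db = new mysqli('localhost', 'qpg_app', 'change-me', 'qpg'); // placeholders
    $db->set_charset('utf8mb4');

    // Pattern to avoid: "... VALUES ('" . $_POST['Fname'] . "', ...)".
    // With placeholders, Fname is sent as data and is never parsed as SQL.
    $stmt = $db->prepare(
        'INSERT INTO users (fname, email, password_hash) VALUES (?, ?, ?)'
    );
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt->bind_param('sss', $fname, $email, $hash);
    $stmt->execute();
    echo 'Account created.';
} catch (mysqli_sql_exception $e) {
    error_log('signup failed: ' . $e->getMessage()); // detail stays server-side
    http_response_code(500);
    exit('Signup failed.');
}
```

The length and type checks are defence in depth; the prepared statement is what removes the injection point.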
