Code-Projects Assessment Management SQL Injection Vulnerability in Login.php

Vulnerability

A SQL injection vulnerability exists in the Code-Projects Assessment Management application, specifically in version 1.0. The issue arises in the login.php file, where the 'userid' parameter can be manipulated to inject malicious SQL code. The parameter is used without proper input validation or sanitization, allowing attackers to alter SQL queries and execute unauthorized database operations. The vulnerability can be exploited remotely, without any authentication requirements.

Impact

Exploitation of this vulnerability allows attackers to gain unauthorized access to the application's database, potentially leading to data leakage, unauthorized data manipulation, and in some cases, full control over the application or server.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'login.php' with the 'userid' parameter. The injected SQL payload can be crafted to manipulate the application's SQL query handling, exploiting the lack of input sanitization.

Remediation

It is recommended to use prepared statements and parameter binding to prevent SQL injection. Additionally, input validation and filtering should be implemented to ensure that user input meets expected formats, blocking malicious data. Finally, database user permissions should be minimized, restricting access to only what is necessary for the application to function.
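
The sketch below shows the first two recommendations together for a login check. It is an added example, not code from the Assessment Management application: the table and column names (users, userid, pass_hash), the user-id format, the use of PDO with an in-memory SQLite database, and the stored password hash are all assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the application's real one.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (userid, pass_hash) VALUES (?, ?)');
$ins->execute(['alice01', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns true only for a known user with the right password.
function login(PDO $pdo, $userid, $password): bool
{
    // Input validation: request parameters can arrive as arrays, and a user id
    // outside the expected format (assumed here: 3-32 word characters) is refused
    // before it gets anywhere near the database.
    if (!is_string($userid) || !is_string($password)
        || preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $userid) !== 1) {
        return false;
    }

    // Parameter binding: the SQL text is fixed and the value is passed separately,
    // so user input cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE userid = :userid');
    $stmt->execute([':userid' => $userid]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    // The password is checked in PHP against a stored hash, not compared in SQL.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed inputs: valid login, wrong password, quote-bearing id, array-valued id.
$cases = [
    ['alice01', 'correct horse'],
    ['alice01', 'wrong'],
    ["alice01'x", 'anything'],
    [['alice01'], 'correct horse'],
];
foreach ($cases as [$u, $p]) {
    printf("%-16s => %s\n", json_encode($u), login($pdo, $u, $p) ? 'accepted' : 'rejected');
}
```

Only the first case is accepted. The third recommendation, minimal database permissions, is applied on the database side by giving the application's account no more than the rights the login and assessment queries need.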

Added: Dec 29, 2025, 5:23 PM
Updated: Dec 29, 2025, 5:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 1.7
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.