Code-Projects Online Class and Exam Scheduling System SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in Code-Projects Online Class and Exam Scheduling System version 1.0. The issue arises in an unknown function of the file '/pages/salut_del.php', where the manipulation of the 'id' argument allows for the injection of malicious SQL queries. This vulnerability can be exploited remotely and requires authentication.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can inject malicious SQL queries into the application's database. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to the '/pages/salut_del.php' file with a manipulated 'id' argument. This can be done using a web browser or a tool like Burp Suite. The injection of SQL commands through the 'id' argument will exploit the vulnerability.