SourceCodester Music Class Enrollment System
cpe:2.3:a:music_class_enrollment_system_project:music_class_enrollment_system:*:*:*:*:*:*:*
- 1.0
A critical SQL injection vulnerability has been identified in SourceCodester Music Class Enrollment System version 1.0. The issue arises in an unknown function of the file manage_class.php, where the manipulation of the argument ID allows for the injection of malicious SQL statements. This vulnerability can be exploited remotely, potentially leading to unauthorized access and manipulation of the application's database.
Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, bypass application security, and gain unauthorized access to, or manipulate, the database. This could include reading, modifying, or deleting database information, thereby severely compromising the application's data integrity and security.
The vulnerability can be reproduced by sending a request to the manage_class.php file with a crafted ID parameter that includes malicious SQL code. This can be done manually or using automated tools that exploit SQL injection vulnerabilities. The injected SQL code is executed by the application's database, allowing the attacker to manipulate the database in unauthorized ways.
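For triage, the following added example (not part of the original advisory or of the project's code) scans web-server access logs for requests to manage_class.php whose ID value is not a plain integer. It assumes the parameter is sent in the query string as `id`, that legitimate values are decimal integers, and that logs use Common/Combined Log Format; the `/app/` path and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumptions (not from the advisory): the parameter travels in the query
# string, legitimate values are plain decimal integers, and the web server
# writes Common/Combined Log Format access logs.
TARGET_SCRIPT = "manage_class.php"
TARGET_PARAM = "id"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
VALID_ID = re.compile(r"[0-9]{1,10}")

def suspicious_requests(log_lines):
    """Return (client, timestamp, status, decoded_value) for each request to
    manage_class.php whose id parameter is not a plain integer."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not an access-log line we can parse
        client, when, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rsplit("/", 1)[-1].lower() != TARGET_SCRIPT:
            continue
        # parse_qsl percent-decodes values; keep_blank_values keeps "id="
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == TARGET_PARAM and not VALID_ID.fullmatch(value):
                hits.append((client, when, int(status), value))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/manage_class.php?id=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:02:11 +0000] "GET /app/manage_class.php?id=4%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [01/Jan/2024:10:02:15 +0000] "GET /app/manage_class.php?ID=4%20--%20 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:05:00 +0000] "GET /app/index.php?id=abc HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Values submitted in a POST body do not appear in standard access logs, so a clean result here does not rule out attempts made that way.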