StudentManage SQL Injection Vulnerability

A SQL injection vulnerability has been identified in StudentManage version 1.0. The issue arises in the adminStudentUrl component, where user input is not properly sanitized, allowing for malicious SQL queries to be executed.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, navigate to the adminStudentUrl component in StudentManage v1.0. Use the search function and input a crafted SQL injection payload, such as ' and '1' = '1' --+. The application will return data that confirms the injection was successful, such as database information or application data that should not be accessible.

Remediation

It is recommended to implement input validation and parameterized queries to prevent SQL injection vulnerabilities. The code should be updated to properly check and sanitize user input before processing it in database queries.