Code-Projects Intern Membership Management System SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in Code-Projects Intern Membership Management System version 1.0. The issue arises in the file '/student_login.php', where user-supplied input for the 'user_name' and 'password' parameters is not properly sanitized before being incorporated into an SQL query. This flaw allows for arbitrary SQL code injection, enabling an unauthenticated remote attacker to bypass authentication and gain unauthorized access, potentially leading to exposure of sensitive student information or administrative functions.

Impact

Exploitation of this vulnerability allows for full authentication bypass, with unauthorized access to user accounts and associated data. If the vulnerability is present in other parts of the application, it could lead to further data exposure or system compromise.

Reproduction

To reproduce this vulnerability, send a POST request to '/intern/student_login.php' with the 'user_name' parameter set to a crafted SQL injection payload, such as '' OR '1'='1', and the 'password' parameter set to any value. The injection exploits the application's SQL query handling, bypassing authentication and granting access to the application.

Remediation

Developers are advised to use parameterized queries to prevent SQL injection, replace plain-text password storage with secure hashing methods, sanitize and validate all input, apply the principle of least privilege to database users, disable error message output in production, and harden access to sensitive endpoints like login pages.
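An added example of the first two remediation items, parameterized queries and hashed passwords; it is not taken from the application's source. The students table, its columns and the authenticate() function are assumed names, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Constructed demo database (in-memory SQLite) so the script runs offline.
// Table and column names are assumptions, not the application's real schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, user_name TEXT UNIQUE, password_hash TEXT)');

// Store a salted hash, never the plain-text password.
$ins = $pdo->prepare('INSERT INTO students (user_name, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical login check: returns the student id on success, null otherwise.
function authenticate(PDO $pdo, string $userName, string $password): ?int
{
    // Input validation: reject empty or oversized values before touching the database.
    if ($userName === '' || strlen($userName) > 64 || strlen($password) > 1024) {
        return null;
    }

    // The placeholder binds user_name as data; it is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM students WHERE user_name = :u');
    $stmt->execute([':u' => $userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is verified against the stored hash in PHP,
    // not compared inside the SQL WHERE clause.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed inputs: a valid login, a wrong password, and the string from the report.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["' OR '1'='1", 'anything'],
];
foreach ($cases as [$u, $p]) {
    $id = authenticate($pdo, $u, $p);
    printf("%-14s => %s\n", $u, $id === null ? 'rejected' : "authenticated as id $id");
}
```

Only the first case authenticates; the string from the report is looked up as a literal user name, matches no row, and is rejected.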

Added: Jul 31, 2025, 1:20 AM
Updated: Jul 31, 2025, 1:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.