Code-Projects Intern Membership Management System SQL Injection Vulnerability
Vulnerability
A critical SQL injection vulnerability has been identified in Code-Projects Intern Membership Management System version 1.0. The issue resides in the file /admin/edit_student_query.php, where manipulating the ID parameter allows malicious SQL to be injected into the query. The vulnerability can be exploited remotely without any authentication, allowing attackers to gain unauthorized access to the database, manipulate or delete data, and potentially disrupt services.
Impact
Exploitation of this vulnerability allows for unauthorized database access through SQL injection, enabling attackers to leak, modify, or delete data. This could lead to unauthorized control over the system and cause service interruptions.
Reproduction
To reproduce this vulnerability, send a POST request to /admin/edit_student_query.php with the 'id' parameter. Include a crafted SQL payload that exploits the application's SQL query handling, such as injecting SQL commands that manipulate the query execution or database response.
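One way to close the hole described above, shown as an added example rather than the project's own code: the POSTed 'id' is validated as an integer, the request is checked for an admin session, and the query uses bound parameters. The table, column, session-key and connection names are assumptions, since the advisory does not show the original query.

```php
<?php
declare(strict_types=1);

// Added example. Table, column, session-key and credential names are
// hypothetical: the advisory does not show the original query. PHP 8.0+.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

// Accept only a positive decimal integer; arrays, null, '1 OR 1=1' -> null.
function parse_student_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Read a POST field as a string, rejecting array-shaped input such as name[]=x.
function post_string(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Values travel as bound parameters, never as part of the SQL text.
function update_student(mysqli $db, int $id, string $first, string $last): int
{
    $stmt = $db->prepare(
        'UPDATE student SET firstname = ?, lastname = ? WHERE student_id = ?'
    );
    $stmt->bind_param('ssi', $first, $last, $id);
    $stmt->execute();
    return $stmt->affected_rows;
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    if (empty($_SESSION['admin_id'])) {   // the advisory notes no auth is needed
        http_response_code(403);
        exit('Forbidden');
    }
    $id = parse_student_id($_POST['id'] ?? null);
    if ($id === null) {
        http_response_code(400);
        exit('Invalid id');
    }
    $db = new mysqli('localhost', 'app_user', 'CHANGE_ME', 'membership_db');
    $db->set_charset('utf8mb4');
    update_student($db, $id, post_string('firstname'), post_string('lastname'));
}
```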
