Code-Projects Human Resource Integrated System SQL Injection Vulnerability in login_query12.php

A SQL injection vulnerability has been identified in Code-Projects Human Resource Integrated System version 1.0. The issue resides in the file login_query12.php, where the 'id' parameter is not properly sanitized, allowing for the injection of malicious SQL code. This vulnerability can be exploited remotely, potentially leading to unauthorized manipulation of database queries. The vulnerability has been publicly disclosed and is available for exploitation.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to login_query12.php with the 'id' parameter. Include a payload that exploits the SQL injection vulnerability, such as injecting SQL code that manipulates the database query processing. The injection can be verified by observing a delay in the response time, indicating a successful exploitation using a timing-based SQL injection technique.