Code-Projects Intern Membership Management System SQL Injection Vulnerability

A SQL injection vulnerability has been identified in version 1.0 of the Code-Projects Intern Membership Management System. The issue arises in the admin.php file, specifically within an unknown function of the /intern/admin/edit_admin.php path. The vulnerability is triggered by manipulating the admin_id parameter, allowing attackers to execute arbitrary SQL commands and potentially access or modify sensitive data. This vulnerability can be exploited remotely, but requires authentication.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a GET request to the /intern/admin/edit_admin.php endpoint with a crafted admin_id parameter. The request must include a valid PHP session cookie to authenticate the user.