Code-Projects Intern Membership Management System SQL Injection Vulnerability in add_admin.php
Vulnerability
A SQL injection vulnerability has been identified in version 1.0 of the Code-Projects Intern Membership Management System. The issue resides in the add_admin.php file, where the Username parameter can be manipulated to execute unauthorized SQL commands. This vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a POST request to '/intern/admin/add_admin.php' with the 'username' parameter. The request must include a payload that exploits the SQL injection vulnerability, such as a SQL injection string that manipulates the SQL query processing.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.