Code-Projects Intern Membership Management System SQL Injection Vulnerability in add_activity.php
Vulnerability
A SQL injection vulnerability has been identified in version 1.0 of the Code-Projects Intern Membership Management System. The issue resides in the add_activity.php file, where an unknown function improperly handles the Title argument, allowing remote attackers to manipulate the input and execute SQL injection attacks. This vulnerability could be exploited to access or manipulate sensitive data.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a POST request to /intern/admin/add_activity.php with the Title argument manipulated to include SQL injection payloads. The request should be made with an active PHP session.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.