Code-Projects Intern Membership Management System SQL Injection Vulnerability in delete_activity.php
Vulnerability
A SQL injection vulnerability exists in the Intern Membership Management System version 1.0, specifically within the admin/delete_activity.php file. The issue arises from the improper handling of the activity_id parameter, allowing remote attackers to manipulate the input and execute malicious SQL queries. This vulnerability could be exploited to access or manipulate sensitive data in the application's database.
Impact
An attacker who exploits this vulnerability can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or, in some cases, the execution of administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a GET request to the admin/delete_activity.php endpoint with a crafted activity_id parameter. The application does not properly sanitize this input, allowing for the injection of malicious SQL code that could be executed by the database.
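A hardened delete handler for this kind of endpoint, as an added example that is not the project's code or part of the original advisory. It validates activity_id as a positive integer and binds it through a mysqli prepared statement, so the value never becomes part of the SQL text. The table name, column name, connection settings and response messages are assumptions.

```php
<?php
// Added example (PHP 8+): hardened handler for a delete endpoint.
// Assumptions: table `activities`, column `activity_id`, the connection
// settings and the response messages are placeholders, not project values.
declare(strict_types=1);

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Returns the id as an integer >= 1, or null when the raw value is missing,
 * is an array (activity_id[]=...), or does not validate as an integer.
 */
function parse_activity_id(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Deletes one activity by id and returns the number of rows removed. */
function delete_activity(mysqli $db, int $activityId): int
{
    // The placeholder keeps the id out of the SQL text; 'i' binds it as an integer.
    $stmt = $db->prepare('DELETE FROM activities WHERE activity_id = ?');
    $stmt->bind_param('i', $activityId);
    $stmt->execute();
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

$activityId = parse_activity_id($_GET['activity_id'] ?? null);
if ($activityId === null) {
    // Reject anything that is not a clean integer before touching the database.
    http_response_code(400);
    exit('Invalid activity_id');
}

$db = new mysqli('localhost', 'app_user', 'app_password', 'membership_db');
$deleted = delete_activity($db, $activityId);
http_response_code($deleted === 1 ? 200 : 404);
echo $deleted === 1 ? 'Activity deleted' : 'Activity not found';
```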
