Sambitraj Student Management System SQL Injection Vulnerability in Login Page

Vulnerability

A SQL injection vulnerability has been identified in Sambitraj Student Management System version 1.0. The issue arises in the Login Page component, where the application improperly handles the 'email' parameter. This flaw allows remote attackers to manipulate the SQL query executed by the application, potentially leading to unauthorized data access or modification. The vulnerability has been publicly disclosed and exploited.

Impact

Exploitation of this vulnerability allows for time-based blind SQL injection, where an attacker can manipulate the 'email' parameter to create a delay in the application's response. This delay can be used to infer information from the database, bypassing simple login form protections.

Reproduction

To reproduce this vulnerability, send a login request to one of the affected endpoints (admin_login.php, student_login.php, or teacher_login.php) with a crafted email value that exploits the SQL injection flaw. The response time should be measured and compared to a normal request to confirm the injection.
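The same response-time comparison can be run defensively over web server logs to spot login requests that are far slower than normal. This is an added example, not code from the advisory or the project; it assumes an access log whose last field is the request duration in seconds, and the thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Login scripts named in the advisory.
LOGIN_SCRIPTS = {"admin_login.php", "student_login.php", "teacher_login.php"}

# Assumed layout: combined-style access log line with the request duration
# in seconds appended as the last field (for example nginx $request_time).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
    r'(?P<path>\S+) [^"]*" \d{3} \S+ (?P<secs>\d+(?:\.\d+)?)$'
)

def parse(lines):
    """Yield (ip, timestamp, script, seconds) for POSTs to the login scripts."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        script = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        if script in LOGIN_SCRIPTS:
            yield m["ip"], m["ts"], script, float(m["secs"])

def slow_logins(lines, factor=5.0, min_extra=2.0):
    """Return login requests far slower than the median for their script."""
    recs = list(parse(lines))
    times = defaultdict(list)
    for _, _, script, secs in recs:
        times[script].append(secs)
    # The median stays near normal latency unless slow requests dominate the log.
    limit = {s: max(median(t) * factor, median(t) + min_extra)
             for s, t in times.items()}
    return [r for r in recs if r[3] > limit[r[2]]]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [30/May/2026:08:01:02 +0000] "POST /admin_login.php HTTP/1.1" 200 512 0.041',
    '198.51.100.7 - - [30/May/2026:08:01:09 +0000] "POST /admin_login.php HTTP/1.1" 200 512 0.038',
    '203.0.113.9 - - [30/May/2026:08:02:11 +0000] "POST /admin_login.php HTTP/1.1" 200 512 5.047',
    '203.0.113.9 - - [30/May/2026:08:02:20 +0000] "POST /admin_login.php HTTP/1.1" 200 512 0.044',
    '203.0.113.9 - - [30/May/2026:08:02:31 +0000] "POST /admin_login.php HTTP/1.1" 200 512 5.051',
    '198.51.100.8 - - [30/May/2026:08:03:00 +0000] "POST /app/student_login.php HTTP/1.1" 200 498 0.052',
    '198.51.100.8 - - [30/May/2026:08:03:05 +0000] "GET /index.php HTTP/1.1" 200 2048 0.012',
]

if __name__ == "__main__":
    for ip, ts, script, secs in slow_logins(SAMPLE):
        print(f"{ts} {ip} {script} took {secs:.3f}s")
```

Flagged requests are leads for review, not proof of injection; correlate them with the submitted 'email' values if the application or a WAF logs request bodies.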

Added: May 30, 2026, 8:19 AM
Updated: May 30, 2026, 8:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 9.7
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.