imvks786 student_management_system
- <= 9599b560ad3c3b83e75d328b76bedcd489ef1f46
A SQL injection vulnerability has been identified in the imvks786 student management system, affecting versions prior to commit 9599b560ad3c3b83e75d328b76bedcd489ef1f46. The vulnerability resides in the login component, specifically within the 'index.php' file. User input for the 'usr' and 'pwd' fields is concatenated directly into SQL queries without validation or escaping, allowing remote attackers to manipulate the queries. Exploitation can bypass authentication and lead to unauthorized data deletion, permission changes, and sensitive data exposure.
Exploitation of this vulnerability allows for complete authentication bypass across all user roles, including department, admin, and student. It also enables unauthorized deletion of records, modification of user permissions, and extraction of arbitrary data from the database.
The vulnerability can be reproduced by sending a POST request to 'index.php' with crafted 'usr' and 'pwd' values that exploit the SQL injection flaw. This can be done using tools like Burp Suite or Postman, or through a simple script that automates the process. Once the injection is successful, the response will indicate a successful login, bypassing authentication entirely.
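The remediation for the concatenation pattern described above, as an added example (not the project's own code): the query text is fixed, 'usr' is passed as a bound parameter, and 'pwd' is checked against a stored hash instead of being placed in SQL. The table and column names, the in-memory SQLite database and the sample account are assumptions constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
// Table and column names are assumptions, not the project's schema.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY,
                password_hash TEXT NOT NULL, role TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)');
    $ins->execute(["o'brien",
                   password_hash('constructed-sample-pw', PASSWORD_DEFAULT),
                   'student']);
    return $pdo;
}

// Pattern the advisory describes: input concatenated into the SQL text,
// so a quote character inside the value changes the statement's structure.
function build_query_unsafe(string $usr): string {
    return "SELECT role FROM users WHERE username = '" . $usr . "'";
}

// Hardened form: the statement text never varies; usr travels as a bound value
// and pwd is never part of the SQL (it is verified against the stored hash).
function login(PDO $pdo, $usr, $pwd): ?string {
    if (!is_string($usr) || !is_string($pwd) || $usr === '' || strlen($usr) > 64) {
        return null; // reject array-valued fields (usr[]=...) and oversized input
    }
    $stmt = $pdo->prepare(
        'SELECT password_hash, role FROM users WHERE username = :usr');
    $stmt->execute([':usr' => $usr]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pwd, $row['password_hash'])) {
        return null; // same result for unknown user and wrong password
    }
    return $row['role'];
}

$pdo = demo_db();
// A legitimate name containing a quote already breaks the concatenated statement.
echo build_query_unsafe("o'brien"), PHP_EOL;
// The same name is handled purely as data by the prepared statement.
var_dump(login($pdo, "o'brien", 'constructed-sample-pw'));
var_dump(login($pdo, "o'brien", 'not-the-password'));
```

The same pattern applies with mysqli via `prepare()` and `bind_param()`; what matters is that no request value is ever spliced into the query string.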