imvks786 Student Management System SQL Injection Vulnerability in Administrator Login Endpoint

Vulnerability

A SQL injection vulnerability has been identified in the imvks786 student management system, affecting versions prior to commit 9599b560ad3c3b83e75d328b76bedcd489ef1f46. The issue lies in the administrator login endpoint, specifically the file admin/admin_login.php, where the submitted username and password are not separated from the SQL query text. This allows remote attackers to inject SQL through the username and password fields, bypass authentication, and gain administrative access.

Impact

Exploitation of this vulnerability allows for SQL injection, leading to authentication bypass and unauthorized administrative access.

Reproduction

To reproduce this vulnerability, navigate to the admin login page and enter a SQL injection payload, such as 'admin' OR '1'='1', in the username field. For the password, input any arbitrary value. Upon submitting the form, the server will redirect to the admin dashboard, indicating successful exploitation.
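The following is an added illustration, not code from the imvks786 project: it shows the query-construction pattern that produces this class of bug next to the parameterized form that fixes it. It is written in Python with an in-memory SQLite table rather than PHP/MySQL so that it runs stand-alone; the admin table schema, the column names, and the stored credential are constructed assumptions, and the payload is the one from the reproduction section above without its surrounding quotes.

```python
import sqlite3

# Constructed in-memory stand-in for the admin table (schema is an assumption,
# the real imvks786 schema is not known here).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admin VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn


def login_concatenated(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable pattern: request values are spliced into the SQL text, so a
    quote in the username ends the string literal and the rest of the input
    becomes part of the WHERE clause. (Assumed shape of the admin_login.php flaw.)"""
    sql = (
        "SELECT COUNT(*) FROM admin WHERE username='" + username
        + "' AND password='" + password + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened pattern: placeholders keep the input as data. The database
    never parses the username as SQL, so quotes and OR clauses are inert.
    A real fix would also compare a password hash (password_verify() in PHP)
    instead of a plaintext column."""
    sql = "SELECT COUNT(*) FROM admin WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def show_rendered_query(username: str, password: str) -> str:
    """Returns the SQL text the concatenating version would send, which is what
    a reviewer or a database query log would reveal during triage."""
    return (
        "SELECT COUNT(*) FROM admin WHERE username='" + username
        + "' AND password='" + password + "'"
    )


if __name__ == "__main__":
    db = make_db()
    payload = "admin' OR '1'='1"   # page's payload, surrounding quotes removed
    print(show_rendered_query(payload, "wrong"))
    print("concatenated  :", login_concatenated(db, payload, "wrong"))
    print("parameterized :", login_parameterized(db, payload, "wrong"))
```

In PHP the equivalent of login_parameterized is a PDO prepare()/execute() call with bound parameters, or mysqli prepare() with bind_param(); either removes the concatenation that makes the login endpoint exploitable, and the rendered-query check is a quick way to confirm during review whether user input is still reaching the SQL text.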

Added: Jun 8, 2026, 6:17 PM
Updated: Jun 8, 2026, 6:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.