itsourcecode School Management System SQL Injection Vulnerability

A SQL injection vulnerability exists in itsourcecode School Management System version 1.0, specifically in the file /ramonsys/faculty/index.php. The vulnerability arises because the application does not properly sanitize the 'id' parameter, allowing remote attackers to inject malicious SQL code. This exploitation can be performed without authentication, manipulating SQL queries to execute unauthorized database operations.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to the '/ramonsys/faculty/index.php' file with a crafted 'id' parameter that includes malicious SQL code. The application will execute the injected SQL due to inadequate input validation, allowing for exploitation of the SQL injection vulnerability.