Code-Projects Easy Blog Site SQL Injection Vulnerability in Login.php
Vulnerability
A SQL injection vulnerability has been identified in Code-Projects Easy Blog Site version 1.0. The issue resides in the login.php file, where the application improperly handles the username and password inputs. This lack of input validation and normalization allows attackers to manipulate these fields, potentially leading to unauthorized access by exploiting the SQL query handling. The vulnerability can be exploited remotely, without any authentication requirements.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a request to the login.php file with crafted SQL injection payloads in the username and password fields. The absence of input filtering will allow the injection to be executed, manipulating the SQL query to bypass authentication.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.