Code-Projects Coaching Management System SQL Injection Vulnerability in POST Handler
Vulnerability
A SQL injection vulnerability has been identified in the Coaching Management System version 1.0, specifically within the POST handler of the admin reply module. The issue arises in the file '/cims/modules/admin/reply.php', where the 'complaintreply' parameter is incorporated into SQL queries without being properly sanitized. This vulnerability allows authenticated attackers to inject malicious SQL, potentially leading to unauthorized database access and extraction of sensitive information. The flaw can be exploited remotely, has been publicly disclosed, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for full database extraction, including user credentials, personal information of students, teacher records, and complaint histories. Additionally, it could enable authentication bypass and privilege escalation by extracting admin credentials.
Reproduction
To reproduce this vulnerability, an authenticated admin user can send a POST request to '/cims/modules/admin/reply.php' with an injected SQL payload in the 'complaintreply' parameter. The injection can be confirmed by observing SQL error messages or by using a tool like sqlmap to automate the exploitation.
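As an added illustration of the defect class described above (not the project's own code, which this entry does not reproduce), the following hypothetical PHP fragment shows the unsafe pattern for the 'complaintreply' parameter beside a parameterised rewrite. The table and column names (tblcomplaints, complaintreply, id) and the $con connection are assumptions.

```php
<?php
// Added example: a hypothetical reconstruction of the pattern the advisory
// describes, not the actual source of /cims/modules/admin/reply.php.
// Table and column names (tblcomplaints, complaintreply, id) are assumptions.

// Report database errors as exceptions so they are logged server-side rather
// than echoed into the HTTP response, which is one of the confirmation
// signals the advisory mentions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Unsafe pattern: the POST value is concatenated into the SQL text, so the
// database parses whatever the client sent as part of the statement.
function updateReplyUnsafe(mysqli $con, array $post): bool
{
    $reply = $post['complaintreply'];
    $id    = $post['id'];
    $sql   = "UPDATE tblcomplaints SET complaintreply='$reply' WHERE id='$id'";
    return $con->query($sql) !== false;
}

// Fixed pattern: a prepared statement sends the SQL text and the values
// separately, so a value can never alter the statement's structure.
function updateReplySafe(mysqli $con, array $post): bool
{
    $reply = $post['complaintreply'] ?? '';
    $id    = (int) ($post['id'] ?? 0);   // coerce the identifier to an integer
    if ($id <= 0 || $reply === '') {
        return false;                    // reject incomplete input before any query
    }
    $stmt = $con->prepare('UPDATE tblcomplaints SET complaintreply = ? WHERE id = ?');
    $stmt->bind_param('si', $reply, $id); // 's' = string, 'i' = integer
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage (assumes $con is an authenticated mysqli connection and that the
// caller has already verified the admin session):
// $saved = updateReplySafe($con, $_POST);
```

The same change applies to any other query in the handler that reads from $_POST; escaping alone is not a substitute for binding parameters.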
