Code-Projects Project Management System SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Code-Projects Project Management System version 1.0. The issue arises in an unknown function within the file chk.php, part of the login component. This vulnerability allows remote attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations within the application.

Reproduction

To reproduce this vulnerability, log into the application using the index.php login page. Select the administrator login option and enter a crafted payload such as '1' OR '1'='1' -- q:123456. This input bypasses authentication and grants access as an administrator.