Vulnerability
SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application’s content or behavior by using malicious SQL queries.
Description
SQL injection in School Management System 1.0 in GitHub repo lahirudanushka/School-Management-System—PHP-MySQL allows remote attackers to modify or delete data, causing persistent changes to the application’s content or behavior by using malicious SQL queries.
Attack Vectors: Boolean Injection to Bypass Authentication:
‘ or ‘1’=’1′ # ,
‘ or 1=1;#
CVE-ID
CVE-2022-2054
Vendor
lahirudanushka/School-Management-System—PHP-MySQL
Product
School Management System 1.0
Disclosure Timeline
Reported On: 5th August 2022
Made Public On: 30th August 2022
Fixed On: Not Fixed
Credits
Soummya Mukhopadhyay