The application passes the values submitted through the ‘Edit Test Result’ form into a SQL query without sanitizing or parameterizing them. An attacker can therefore inject SQL through that form and read or modify critical data in the back-end database.

Additionally, SourceCodester Best Student Result Management System 1.0 accepts this user-supplied data via POST requests. Administrators should be aware that protecting accounts on this system with a weak password makes it easy to compromise.

The software has other security issues as well. We recommend installing the latest version of this software and addressing the issues described here.

SQL Injection

SQL injection is a type of security vulnerability that occurs when an application builds a SQL query from user-submitted input without validating it or binding it as a query parameter.
This allows an attacker to execute arbitrary SQL statements on the back-end database server, which may lead to sensitive information disclosure, data tampering, or complete system takeover.
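The vulnerable pattern and its fix, as an added example that is not part of the original advisory or of the vendor's code. It uses Python with an in-memory SQLite database standing in for the product's MySQL back end; the table names, column names, sample rows and the placeholder password hash are constructed assumptions for illustration only, not the product's real schema.

```python
import sqlite3

# Constructed in-memory stand-in for the application's database.
# Table and column names are assumptions, not the product's real schema.
SEED_SQL = """
CREATE TABLE results (id INTEGER PRIMARY KEY, student TEXT, subject TEXT, marks INTEGER);
INSERT INTO results VALUES (1, 'alice', 'math', 71), (2, 'bob', 'math', 64), (3, 'carol', 'physics', 88);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO users VALUES (1, 'admin', '$2y$10$constructed.placeholder.hash');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SEED_SQL)
    return conn


def fetch_results(conn):
    """Rows an ordinary user of the result page can read back."""
    return conn.execute("SELECT id, marks FROM results ORDER BY id").fetchall()


def update_marks_vulnerable(conn, result_id, marks):
    """Vulnerable pattern: the POST fields are spliced straight into the SQL text."""
    sql = "UPDATE results SET marks = " + marks + " WHERE id = " + result_id
    conn.execute(sql)
    conn.commit()
    return sql


def update_marks_safe(conn, result_id, marks):
    """Hardened pattern: values are coerced to the expected type and bound as parameters,
    so they are never interpreted as SQL. int() raises ValueError on any non-integer input."""
    rid, m = int(result_id), int(marks)
    conn.execute("UPDATE results SET marks = ? WHERE id = ?", (m, rid))
    conn.commit()


def demo_vulnerable():
    conn = make_db()
    # Payload 1: a tautology in the WHERE clause rewrites every student's marks, not just one row.
    update_marks_vulnerable(conn, "1 OR 1=1", "100")
    after_tautology = fetch_results(conn)
    # Payload 2: a subquery copies data from an unrelated table into a column the attacker
    # can read back through the normal result page (information disclosure).
    update_marks_vulnerable(conn, "2", "(SELECT password_hash FROM users WHERE username = 'admin')")
    leaked = conn.execute("SELECT marks FROM results WHERE id = 2").fetchone()[0]
    return after_tautology, leaked


def demo_safe():
    conn = make_db()
    rejected = []
    payloads = (
        ("1 OR 1=1", "100"),
        ("2", "(SELECT password_hash FROM users WHERE username = 'admin')"),
    )
    for rid, marks in payloads:
        try:
            update_marks_safe(conn, rid, marks)
        except ValueError:
            rejected.append(rid)
    # A legitimate edit still works with the hardened function.
    update_marks_safe(conn, "1", "75")
    return rejected, fetch_results(conn)


if __name__ == "__main__":
    print(demo_vulnerable())
    print(demo_safe())
```

The tautology payload turns a single-row edit into a mass update, and the subquery payload shows why a write-only form is still a disclosure channel: whatever the injected subquery returns lands in a column the attacker can view later. The same two fixes apply to the PHP/MySQL original: cast or validate each field to its expected type, and bind it with a prepared statement instead of concatenating it into the query string.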

Until a patched release is installed, the fix is to pass the form's values to the database as bound parameters of a prepared statement rather than concatenating them into the query text; the application should also be updated because it has other security issues.

Timeline

Published on: 09/29/2022 17:15:00 UTC
Last modified on: 10/06/2022 12:58:00 UTC