vendor:
Simple Online College Entrance Exam System
by:
Mevlüt Yilmaz
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Simple Online College Entrance Exam System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:sourcecodester:simple_online_college_entrance_exam_system
Platforms Tested: Windows 10, Kali Linux
2021
Simple Online College Entrance Exam System 1.0 – SQLi Authentication Bypass
Simple Online College Entrance Exam System v1.0 Login page can be bypassed with a simple SQLi to the username parameter. Steps To Reproduce: 1 - Go to the login page http://localhost/entrance_exam/admin/login.php 2 - Enter the payload to username field as "admin' or '1'='1" without double-quotes and type anything to password field. 3 - Click on "Login" button and you are logged in as administrator.
Mitigation:
Input validation and sanitization should be implemented to prevent SQL injection attacks.