A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /admin_single_student_update.php. Manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Critical vulnerability discovered in itsourcecode University Management System 1.0, allowing remote SQL injection through the ID parameter of /admin_single_student_update.php. Successful exploitation could lead to unauthorized database access, data exfiltration and, depending on the privileges of the database account the application connects with, further compromise of the host. The vulnerability is publicly known and exploitable.
Step 1: Payload Delivery: The attacker crafts a malicious SQL injection payload for the ID parameter of a request to /admin_single_student_update.php. The payload is not a standalone query but a SQL fragment that changes the meaning of the statement the page already builds around the ID value, for example to read data from other tables, to undermine authentication where credential tables are reachable, or to widen the WHERE clause so that an update touches more rows than intended.
Step 2: Request Submission: The attacker submits the crafted request to the vulnerable web server. The request includes the malicious payload within the ID parameter.
Step 3: Query Execution: The web application receives the request and, because the ID value is neither validated nor bound as a query parameter, concatenates it directly into the SQL statement text. The database server parses the resulting string as one query and executes it; the attacker's fragment is now part of the statement's logic rather than a value being compared.
Step 4: Data Exfiltration/Manipulation: Depending on the payload, the attacker can achieve various objectives. This could include retrieving sensitive information (e.g., student records, usernames, password hashes), modifying data (e.g., changing grades, granting administrative privileges) or, if the database account the application uses has file-system or administrative privileges, escalating beyond the database itself. How far the attack reaches therefore depends as much on the privileges of that account as on the injection itself.
The vulnerability stems from insufficient input validation and sanitization of the ID parameter within the /admin_single_student_update.php file. The application builds the SQL statement by concatenating user-supplied input into the query text without escaping, type checking or filtering. This allows an attacker to inject SQL syntax that alters the query's intended behavior and enables unauthorized database interactions. The fix is to treat the ID as data rather than as query text: validate it as an integer and pass it to the database through a prepared statement with bound parameters, so that the value can never be parsed as SQL.
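The following added example (not code from itsourcecode or from the original advisory) walks through the four attack steps above against a vulnerable query-building pattern and then through the hardened pattern the root-cause paragraph calls for. It uses an in-memory SQLite database as a stand-in; the product's real database engine, table names, column names and the sample rows are all assumptions made here for illustration, and the "0 UNION ..." and "1 OR 1=1" payloads are constructed inputs, not the published exploit.

```python
import sqlite3

# Constructed sample data (assumed, not from the product): a minimal stand-in
# for the tables a page like admin_single_student_update.php might touch.
STUDENTS = [
    (1, "Alice", "alice@example.edu"),
    (2, "Bob", "bob@example.edu"),
    (3, "Carol", "carol@example.edu"),
]
ADMINS = [("admin", "constructed-hash-placeholder")]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.execute("CREATE TABLE admins (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO students VALUES (?, ?, ?)", STUDENTS)
    conn.executemany("INSERT INTO admins VALUES (?, ?)", ADMINS)
    conn.commit()
    return conn


# --- Vulnerable pattern: the ID is concatenated straight into the SQL text ---

def fetch_student_vulnerable(conn, student_id: str) -> list:
    """Step 3 as described: the raw ID becomes part of the statement's logic."""
    sql = f"SELECT name, email FROM students WHERE id = {student_id}"
    return conn.execute(sql).fetchall()


def update_email_vulnerable(conn, student_id: str, new_email: str) -> int:
    """Same flaw on the update path; returns how many rows the WHERE matched."""
    sql = f"UPDATE students SET email = '{new_email}' WHERE id = {student_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


# --- Hardened pattern: validate the type, then bind the value as a parameter ---

def parse_student_id(raw: str) -> int:
    """Reject anything that is not a plain non-negative integer before SQL is built."""
    if not raw.isdigit():
        raise ValueError(f"invalid student id: {raw!r}")
    return int(raw)


def fetch_student_safe(conn, student_id: str) -> list:
    sid = parse_student_id(student_id)
    return conn.execute("SELECT name, email FROM students WHERE id = ?", (sid,)).fetchall()


def update_email_safe(conn, student_id: str, new_email: str) -> int:
    sid = parse_student_id(student_id)
    cur = conn.execute("UPDATE students SET email = ? WHERE id = ?", (new_email, sid))
    conn.commit()
    return cur.rowcount


def demo() -> dict:
    """Run the same two constructed payloads against both code paths."""
    out = {}
    # Step 4, exfiltration: a UNION appended to the ID pulls admin credentials
    # out through the student lookup.
    exfil = "0 UNION SELECT username, password_hash FROM admins"
    conn = make_db()
    out["vuln_exfil"] = fetch_student_vulnerable(conn, exfil)
    # Step 4, manipulation: an always-true WHERE rewrites every student row.
    tamper = "1 OR 1=1"
    out["vuln_tamper_rows"] = update_email_vulnerable(conn, tamper, "attacker@example.net")
    # Hardened path: both payloads fail validation before any SQL is built.
    conn = make_db()
    rejected = []
    for payload in (exfil, tamper):
        try:
            fetch_student_safe(conn, payload)
            rejected.append(False)
        except ValueError:
            rejected.append(True)
    out["safe_rejected"] = rejected
    # A legitimate ID still works and touches exactly one row.
    out["safe_update_rows"] = update_email_safe(conn, "2", "bob.new@example.edu")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The vulnerable functions return the row counts and result sets so the effect of the payload is visible: the UNION payload returns the admins row through a student lookup, and the always-true WHERE updates all three students instead of one. The hardened functions do two independent things, and both matter: `parse_student_id` rejects the payloads outright, and the `?` placeholders mean that even a value which passes validation is sent to the database as data, never spliced into the statement text. In PHP the equivalent is a prepared statement with bound parameters through PDO (`prepare`/`bindValue`) or mysqli (`prepare`/`bind_param`), combined with an integer check on the ID.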