Key Information Affected Product Product Name: Modern Bag Project V1.0 Vendor Homepage: https://code-projects.org/modern-bag-in-php-css-javascript-and-mysql-free-download/ Vulnerable File and Version Vulnerable File: /admin/login-back.php Affected Version: V1.0 Vulnerability Type Type: SQL Injection Root Cause The issue occurs in the /admin/login-back.php file, where the parameter is not properly sanitized or validated before being used in an SQL query, leading to an SQL injection vulnerability. Impact Attackers can exploit this vulnerability to gain unauthorized access to the database, disclose sensitive data, modify or delete data, take control of the system, or cause service disruption, posing a serious threat to system security and business continuity. Description During a security review of the Modern Bag project, a critical SQL injection vulnerability was identified in the /admin/login-back.php file. This vulnerability stems from insufficient validation of user input for the parameter, allowing attackers to execute malicious SQL queries. As a result, attackers can gain unauthorized access to the database, alter or delete data, and access sensitive information. Immediate remediation is required to ensure system security and protect data integrity. Vulnerability Details and POC Vulnerable Parameter: user-name Payload Example: Recommended Remediation Measures 1. Use prepared statements with parameter binding. 2. Implement input validation and filtering. 3. Minimize database user privileges. 4. Conduct regular security audits.