Key Information Affected Product Product Name: Nipah virus (NiV) - Testing Management System Project V1.0 Vendor Homepage: Nipah virus (NiV) - Testing Management System using PHP and MySQL Affected and Fixed Versions Affected File: new-user-testing.php Version: V1.0 Software Link: Download Link Vulnerability Type Vulnerability Type: SQL Injection Root Cause Due to insufficient user input validation for the parameter in the file, an SQL injection vulnerability exists. Impact Exploiting this SQL injection vulnerability, attackers can gain unauthorized access to the database, leading to sensitive data leakage, data tampering, system compromise, and even service disruption. Description During a security assessment of the "Nipah virus (NiV) - Testing Management System", a critical SQL injection vulnerability was discovered. This vulnerability arises from inadequate validation of user input for the parameter. This allows attackers to inject malicious SQL queries, enabling unauthorized access to the system, modification or deletion of data, and retrieval of sensitive information. Vulnerability Details and POC Vulnerable Location: parameter Payload: Recommended Remediation 1. Use prepared statements with parameter binding. 2. Implement input validation and filtering. 3. Minimize database user privileges.