Key Vulnerability Information

Title: code-projects.org STUDENT WEB PORTAL IN PHP WITH SOURCE CODE 1.0 SQL Injection

Description: Student Web Portal In PHP With Source Code - Source Code & Projects

Summary: A SQL Injection vulnerability exists due to unsafe string concatenation of user-controlled input into an SQL query. An unauthenticated remote attacker can craft a parameter to manipulate the database query logic. Potential impacts include data disclosure and other effects based on database privileges and deployment configuration.

Vulnerability Details:

Vulnerability Class: SQL Injection
CWE: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command)
Affected Endpoint: /check_user.php?username=...
Affected Parameter: (HTTP GET) username
Affected Component/File: check_user.php
Database/API: MySQL via mysqli

Vulnerable Code (excerpt):

Impact:

- Manipulation of the username-existence check logic.
- Inconsistent "already exist" vs "available" results.
- Blind SQL Injection (boolean/time-based) to infer database contents even when errors are suppressed.
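
A parameterized form of the username-existence check, as an added example that is not the project's code (the page's own excerpt is not reproduced here). The table name `users`, the column `username`, the connection settings and the allow-list pattern are assumptions; the response strings follow the "already exist" / "available" results named above.

```php
<?php
// Added example, not the project's code. Hypothetical names: table `users`,
// column `username`, database `portal`, account `portal_ro` (read-only).
declare(strict_types=1);

// Make mysqli throw exceptions so failures are handled in one place and
// never echoed back to the client.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function username_exists(mysqli $db, string $username): bool
{
    // The ? placeholder keeps the GET value out of the SQL text entirely;
    // it is sent to MySQL as bound data, not concatenated into the query.
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    return $exists;
}

// ?username[]=x arrives as an array, so check the type before the pattern.
$username = $_GET['username'] ?? '';
if (!is_string($username)
    || !preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $username)) { // assumed policy
    http_response_code(400);
    exit('invalid username');
}

try {
    // Constructed credentials; use an account limited to SELECT on `users`.
    $db = new mysqli('localhost', 'portal_ro', 'change-me', 'portal');
    $db->set_charset('utf8mb4');
    echo username_exists($db, $username) ? 'already exist' : 'available';
} catch (mysqli_sql_exception $e) {
    // Log server-side only; a generic response gives no error-based signal.
    error_log('check_user.php: ' . $e->getMessage());
    http_response_code(500);
    exit('error');
}
```

The bound parameter is what removes the injection; the allow-list and the read-only database account only limit what a missed query elsewhere could reach.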