Institute Admission Software 2.5 is critically vulnerable to SQL Injection.
This flaw arises from inadequate input sanitization, allowing attackers to embed malicious SQL code directly into user-supplied data fields (e.g., login forms, search queries).
When the application processes this input, the injected SQL code is executed by the underlying database server.
Consequences are severe:
* Unauthorized access to sensitive student data (personal info, grades, application statuses).
* Authentication bypass, granting administrative privileges.
* Manipulation or deletion of database records.
* Potential for complete database compromise.
This vulnerability poses a significant risk to data privacy and system integrity, necessitating immediate patching or migration to a secure version.
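The mitigation for the input-handling flaw described above, as an added example (not the vendor's code and not part of the original advisory): a numeric `id` parameter like the one on `department.php` is validated as an integer and then bound into a prepared statement. The function names, the `departments` table and its columns, and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the lookup behind department.php?id=...;
// table and column names are assumptions, not the vendor's schema.
function parseDepartmentId(mixed $raw): ?int
{
    // Accept only a positive decimal integer. Strings with trailing
    // characters, empty strings and array parameters (id[]=...) all fail.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function findDepartment(PDO $db, mixed $rawId): ?array
{
    $id = parseDepartmentId($rawId);
    if ($id === null) {
        return null; // caller should answer 400 and log the request
    }
    // The value is bound as a typed parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, name FROM departments WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE departments (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO departments VALUES (59, 'Physics'), (60, 'Chemistry')");

// Constructed inputs: two well-formed ids, one unknown id, and malformed values.
foreach (['59', '60', '61', '59abc', 'fifty-nine', '', ['59']] as $input) {
    $row = findDepartment($db, $input);
    printf("%-14s => %s\n", json_encode($input), $row ? $row['name'] : 'rejected or not found');
}
```

Validation and parameter binding are both kept on purpose: the first gives a clean rejection point for logging malformed requests, the second keeps the query safe even if a validation rule is later loosened.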
=============================================================================================================================================
| # Title : Institute Admission Software 2.5 SQL Injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 137.0.1 (64 bits) |
| # Vendor : https://softmaart.com/institute-admission-software.php |
=============================================================================================================================================
POC :
[+] Dorking in Google or other search engine.
[+] Use PayLoad : http://127.0.0.1/chinmayadc.edu.in/department.php?id=59 <============ inject here .
[+] Login : http://127.0.0.1/chinmayadc.edu.in/admin_panel/
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
- Written by: khalil shreateh