CVE-2023-31845
Description
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_class.php?id=.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in Sourcecodester Faculty Evaluation System v1.0 allows authenticated admins to extract database info via id parameter in manage_class.php.
Vulnerability
The Faculty Evaluation System v1.0 by Sourcecodester is vulnerable to SQL injection in the file /eval/admin/manage_class.php via the id parameter [1]. The vulnerability is present in the admin panel and requires admin authentication. The application uses PHP and MySQL.
Exploitation
An authenticated admin can send a crafted GET request to /eval/admin/manage_class.php?id=1%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ to trigger an error-based SQL injection that reveals the database name [1]. The attacker needs admin credentials (default: admin@admin.com/admin123) and can manipulate the id parameter to extract other data.
Impact
Successful exploitation allows an attacker to extract sensitive information from the database, including potentially user credentials and other data, via error-based SQL injection. The scope is limited to database information disclosure.
Mitigation
As of the reference date, no official fix has been released. The vendor (Sourcecodester) may not have issued a patch. Users should apply input sanitization and use prepared statements to prevent SQL injection. The application version 1.0 is affected.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Sourcecodester/Faculty Evaluation Systemdescription
- Range: =1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.