SQL Injection Authentication Bypass on Integrated University Management System (IUMS)


Description

An authentication bypass vulnerability in all versions of Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP). If exploited, attackers could perform any action with administrator privileges (enumerate or delete all students' personal information, modify various settings).

Vendor Website

Proof-of-Concept

User ID: ADMIN'--
Password: ADMIN'--

SQL Injection Authentication Bypass

Login Bypassed with administrator privileges
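The following is an added example, not code from IUMS or from the original post. It shows why a login check built by string concatenation accepts the proof-of-concept input, next to a parameterized form that rejects it. The SQLite backend, the table layout, the password hashing and all function names are assumptions, since the page does not show the application's query.

```python
import hashlib
import hmac
import sqlite3

POC_INPUT = "ADMIN'--"  # the proof-of-concept value from the page


def hash_pw(password):
    # Demo-only hashing with a constructed fixed salt; use per-user salts in practice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 1000).hex()


def make_db():
    """Constructed in-memory table standing in for the application's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("ADMIN", hash_pw("correct horse"), "administrator"))
    return db


def login_concatenated(db, user_id, password):
    """Vulnerable pattern: the user ID becomes part of the SQL text, so a quote
    followed by a comment marker cuts the password condition out of the query."""
    sql = ("SELECT role FROM users WHERE user_id = '" + user_id +
           "' AND pw_hash = '" + hash_pw(password) + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, user_id, password):
    """Hardened pattern: the user ID is a bound parameter (data, never SQL),
    and the password hash is compared in code in constant time."""
    row = db.execute("SELECT pw_hash, role FROM users WHERE user_id = ?",
                     (user_id,)).fetchone()
    if row and hmac.compare_digest(row[0], hash_pw(password)):
        return row[1]
    return None


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_concatenated(db, POC_INPUT, POC_INPUT))
    print("parameterized:", login_parameterized(db, POC_INPUT, POC_INPUT))
    print("valid login  :", login_parameterized(db, "ADMIN", "correct horse"))
```

With the bound parameter, the quote and comment marker are treated as literal characters of a user ID that does not exist, so the lookup returns no row.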

Disclosure Timeline

  • Affected Version: All Existing Versions
  • Vendor Contact: April 10, 2019
  • Blog Post Published: April 12, 2019
  • Applied for CVE: April 12, 2019

About Me
InfoSec Researcher & Penetration Tester
By Ziaur Rashid
