SQL Injection Authentication Bypass on Integrated University Management System (IUMS)



An authentication bypass vulnerability in all versions of the Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP). If exploited, an attacker could perform any action with administrator privileges (enumerate or delete all students' personal information, modify various settings).

Vendor Website


User ID: ADMIN'--
Password: ADMIN'--

SQL Injection Authentication Bypass

Login Bypassed with administrator privileges
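
Why that input skips the password check, and the fix, shown as an added example that is not IUMS code and not from the original post. The IUMS backend and query are not published here, so the `users` table, its columns, the function names and the use of SQLite are all assumptions chosen to reproduce the pattern.

```python
import hashlib
import hmac
import os
import sqlite3

SALT = os.urandom(16)  # single salt for the one constructed account


def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("ADMIN", pw_hash("constructed-secret"), "administrator"))
    return db


def login_concatenated(db, user_id, password):
    # Vulnerable pattern: input is spliced into the SQL text, so a quote in
    # user_id closes the string literal and "--" comments out the password test.
    sql = ("SELECT role FROM users WHERE user_id = '" + user_id +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, user_id, password):
    # Hardened pattern: user_id is bound as data and cannot alter the query;
    # the password is verified in application code with a constant-time compare.
    row = db.execute("SELECT pw_hash, role FROM users WHERE user_id = ?",
                     (user_id,)).fetchone()
    if row and hmac.compare_digest(row[0], pw_hash(password)):
        return row[1]
    return None


def demo():
    db = make_db()
    submitted = "ADMIN'--"  # the value quoted in the post, used for both fields
    return {
        "concatenated": login_concatenated(db, submitted, submitted),
        "parameterized": login_parameterized(db, submitted, submitted),
        "legitimate": login_parameterized(db, "ADMIN", "constructed-secret"),
    }


if __name__ == "__main__":
    print(demo())
```

With bound parameters the submitted string is looked up literally as a user ID, finds no row, and the login fails.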

Disclosure Timeline

  • Affected Version: All Existing Versions
  • Vendor Contact: April 10, 2019
  • Blog Post Published: April 12, 2019
  • Applied for CVE: April 12, 2019

About Me

InfoSec Researcher & Penetration Tester

By Ziaur Rashid

