关键漏洞信息 Summary Affected Product Name: Library System Affected Version: V1.0 Vendor Homepage: https://code-projects.org/library-system-in-php-with-source-code/ Vulnerability Type: SQL Injection (SQLi) Affected File: /return.php Affected Parameter: id (GET) Authentication Required: None (No login or authorization required to exploit) Description and Impact Root Cause The vulnerability is in the file , where the application processes user-supplied input from the parameter and directly concatenates it into the SQL query string without cleaning, validation, or sanitization. Impact Unauthorized Database Access: Stealing sensitive data. Data Tampering/Destruction: Modifying, deleting, or adding records. System Control: Severe threat to system security and business continuity. Vulnerability Details and PoC PoC Payload Examples Boolean-based blind: Error-based: Time-based blind: Suggested Repair Measures 1. Use Prepared Statements and Parameter Binding - Rewrite all database queries using or PDO with parameter binding. 2. Strict Input Validation and Filtering - Validate and filter user input using PHP functions like or . 3. Minimize Database User Permissions - Ensure the application's database user does not have administrative privileges. 4. Regular Security Audits - Establish a routine for security code reviews and auditing.