Can you explain this vulnerability to me?

CVE-2026-36950 is an SQL injection vulnerability in the Online Thesis Archiving System v1.0 by Sourcecodester. The flaw exists in the file /otas/projects_per_department.php, specifically in the URL parameter 'id' of the endpoint /otas/?page=projects_per_department&id=. This parameter is not properly sanitized, allowing an attacker to inject arbitrary SQL commands.

An attacker can exploit this by appending malicious SQL code, such as a UNION SELECT statement, to retrieve sensitive information from the backend database named 'otas_db'. For example, the payload can extract the current database name. This injection can be performed within an authenticated session or a standard user context.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This SQL injection vulnerability can lead to unauthorized extraction of sensitive database information. Attackers may gain access to confidential data stored in the Online Thesis Archiving System.

Beyond data leakage, the vulnerability could allow attackers to manipulate data, escalate privileges, or perform other malicious actions within the system, potentially compromising the integrity and confidentiality of the thesis archiving data.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This SQL injection vulnerability can be detected by testing the vulnerable URL parameter with crafted payloads that attempt to manipulate the SQL query. Specifically, the parameter `id` in the endpoint `/otas/?page=projects_per_department&id=` is injectable.

A common detection method is to send a request with a payload that appends a UNION SELECT statement to extract database information, such as:

• /otas/?page=projects_per_department&id=-4' union select 1,database(),3,4,5,6--+

If the response contains the database name or other unexpected data, it indicates the presence of the SQL injection vulnerability.

You can use command-line tools like curl to test this, for example:

• curl "http://target/otas/?page=projects_per_department&id=-4'%20union%20select%201,database(),3,4,5,6--+" -H "Cookie: PHPSESSID=your_session_id"

Replace `your_session_id` with a valid session cookie if authentication is required.

Useful 0 Not Useful 0

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The SQL injection vulnerability in the Online Thesis Archiving System v1.0 allows attackers to extract sensitive database information and potentially manipulate or escalate privileges within the system.

Such unauthorized access and data leakage can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.

Therefore, this vulnerability poses a risk to compliance by potentially exposing sensitive data and failing to maintain the confidentiality and integrity required by these standards.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

To mitigate the SQL injection vulnerability in the Online Thesis Archiving System v1.0, immediate steps include sanitizing and validating the input parameter 'id' in the /otas/projects_per_department.php file to prevent arbitrary SQL commands.

Implement prepared statements or parameterized queries in the PHP code to safely handle user inputs and avoid direct concatenation of input into SQL queries.

Restrict database permissions to limit the impact of a potential injection attack.

If possible, apply any available patches or updates from the vendor or source to fix the vulnerability.

Monitor and review logs for suspicious activities related to the vulnerable endpoint.

Useful 0 Not Useful 0