Online Banking System SQL Injection Vulnerability (CNVD-2022-71426)

Online Banking System is a simple banking system project used to manage bank customers’ accounts and process basic customer transactions. A SQL injection vulnerability exists in Online Banking System, which stems from the lack of filtering and transfer of SQL data in the employee ID and employee password parameters of /staff_login.php. An attacker could exploit the vulnerability by inserting SQL commands into web form submissions or query strings for inputting domain names or page requests, ultimately tricking the server into executing malicious SQL commands.