bug: sqli vulnerability

[Suhanataneja02]

Description

A possible SQL Injection vulnerability exists in the email input field of the application. During testing, specially crafted input was accepted without proper sanitization or validation, which may allow authentication bypass or unintended backend behavior.

The application does not appear to validate or parameterize user input correctly before processing it on the server side.

This issue could potentially lead to:

• Authentication bypass
• Unauthorized access
• Backend/database manipulation attempts

The issue was identified during security testing and no destructive actions were performed.

Steps to Reproduce

1. Open the application login/input page.
2. Locate the email input field.
3. Enter a crafted SQL injection payload in the email field.
4. Submit the request.
5. Observe that the application accepts the payload and bypasses expected validation/authentication behavior.

Expected Behavior

The application should properly validate and sanitize user input before processing it.

Any malicious or malformed SQL-related payloads should be rejected, escaped, or handled securely using parameterized queries/prepared statements.

Screenshots / Logs

No response

GitHub Username (If applicable)

No response

Environment

Chrome

[github-actions]

👋 Hey @Suhanataneja02, welcome to CommitPulse! 🎉

Thanks for opening your first issue — we're glad you're here.

Before diving in, please take a moment to:

• 📖 Read the CONTRIBUTING.md guide
• 💬 Join our Discord community for faster support and collaboration
• 🏷️ Comment /claim on any open, unassigned issue you'd like to work on

A maintainer will review your issue shortly. Happy contributing! 🚀

[AdityaSekharDas]

/claim

[github-actions]

❌ Only the author of this issue (@Suhanataneja02) can claim it.

[PasandiRanga]

/claim

[github-actions]

❌ Only the author of this issue (@Suhanataneja02) can claim it.

[PasandiRanga]

Hi, I am a GSSoC 2026 contributor and would like to work on this.

[aarushlohit]

/claim

[github-actions]

❌ Only the author of this issue (@Suhanataneja02) can claim it.

[tarunashri6]

Hi! @JhaSourav07 I'd like to work on this issue under GSSoC.

I reviewed the report and understand that it relates to input validation and potential SQL injection concerns in the email field. I'd like to investigate the affected code path, reproduce the behavior safely, and verify whether the issue stems from input validation or backend query handling before proposing a fix.

[github-actions]

👋 Hey @tarunashri6! Looks like you want to work on this issue — awesome! 🎉

We don't assign issues through comments like this. Here's how our system works:

🤖 How to Claim an Issue

Comment /claim on this issue and our bot will automatically assign it to you (if you're eligible).

/claim

⚠️ Note: Only the issue author (@Suhanataneja02) can /claim this issue. If you'd like to contribute, consider opening a new issue for a bug or feature you've found, then claim that one!

📋 A Few Things to Know

• You can hold a maximum of 5 open issues at a time.
• If there's no activity for 3 days, the assignment will automatically expire so others can pick it up.
• Make sure to read our CONTRIBUTING.md before you start — it covers code style, commit conventions, and the PR checklist.

💬 Join Our Discord

Get faster help, collaborate with other contributors, and stay updated with project news:

Happy contributing! 🚀