SQL Injection

[binarioGH]

Hello! I hope you are having a good day, I found your code and i started reading it and i noticed that you have a SQL injection vulnerability which can allow login bypass.

In the line 34 of the file lms/LMS/user/views.py You can find the following line of code.
cursor.execute("SELECT * from users where email = '{}' and password = '{}' ".format(email,password))

using .format() in cursor.execute is dangerous, because the user input is not sanitized, so a user could input an email and the string ' or '1' = '1 and the login would be correct without having the correct password.

I haven't tried executing this vulnerability, so i would appreciate if you try to execute it in your system to tell me if it works or not.

To solve this, instead of using .format() i recommend you using the following method:

query = "SELECT * from users where email = %s and password = %s "
cursor.execute(query, (email, password))

In this way, the user input wouldn't be interpreted as sql commands and your app would be safer.