| Title | cxbsoft Post-Office ≤v1.0 SQL Injection |
|---|
| Description | The Post-Office application, specifically version v1.0 or below, has been identified to contain a SQL Injection vulnerability within its /apps/login_auth.php file. The flaw arises due to the unfiltered inclusion of the 'username_login' parameter in the SQL query, which can be exploited by attackers. By crafting malicious SQL commands, such as using the 'sleep' function in an injected payload, attackers can manipulate the backend database, potentially leading to unauthorized access or data compromise. This security issue has been disclosed by the author glzjin, and users of the affected software hosted on GitHub and discussed on various forums are advised to seek patches or updates to mitigate the risk. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/neURUa2NSxzd |
|---|
| User | glzjin (ID 59815) |
|---|
| Submission | 01/05/2024 05:40 (4 months ago) |
|---|
| Moderation | 01/14/2024 17:38 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 250699 |
|---|