Submit #290513: sourcecodester Petrol pump management software 1.0 SQL Injection

Title: sourcecodester Petrol pump management software 1.0 SQL Injection
Description: The Petrol Pump Management Software developed by SOURCECODESTER contains a critical SQL Injection vulnerability in its /admin/app/login_crud.php component. The flaw arises because the application fails to properly sanitize the email field in the login process. Attackers can exploit it by crafting malicious SQL, which the server executes without proper validation. The provided proof of concept demonstrates an attack in which an SQL UNION SELECT query is injected through the email parameter, bypassing authentication to gain unauthorized access or manipulate the application's data. This vulnerability underscores the importance of using prepared statements or parameterized queries for handling user input, which mitigates the risks of SQL Injection: unauthorized access, data leaks, and potentially compromise of the entire database system.
Source: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/login_crud.php%20SQL%20Injection.md
User: nochizplz (ID 64302)
Submission: 02/29/2024 04:53 (2 months ago)
Moderation: 03/01/2024 07:54 (1 day later)
Status: Accepted
VulDB Entry: 255375
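The login pattern the description refers to, as an added Python/sqlite illustration that is not the application's own login_crud.php code: the string-built query beside its parameterized replacement, run against a constructed admin table with an assumed SHA-256 password hashing step.

```python
import hashlib
import sqlite3


def _hash(password: str) -> str:
    # Assumed hashing step; the real application's scheme is not on the page.
    return hashlib.sha256(password.encode()).hexdigest()


def setup_db() -> sqlite3.Connection:
    # Constructed sample schema and account, not the application's real table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (id INTEGER PRIMARY KEY, email TEXT, password TEXT)")
    conn.execute("INSERT INTO admin (email, password) VALUES (?, ?)",
                 ("admin@example.com", _hash("correct horse battery staple")))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str) -> bool:
    # The defect the description names: the email value is spliced into the
    # SQL text, so quotes and keywords inside it become part of the query.
    sql = ("SELECT id, email FROM admin "
           f"WHERE email = '{email}' AND password = '{_hash(password)}'")
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn: sqlite3.Connection, email: str, password: str) -> bool:
    # Parameterized query: values travel separately from the SQL text, so the
    # same input is only ever compared as a literal string.
    sql = "SELECT id, email FROM admin WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, _hash(password))).fetchone() is not None


# The UNION SELECT shape the description outlines, entered in the email field;
# the trailing "-- " turns the rest of the original WHERE clause into a comment.
UNION_EMAIL = "' UNION SELECT 1, 'x' -- "

if __name__ == "__main__":
    conn = setup_db()
    print("vulnerable, no credentials:", login_vulnerable(conn, UNION_EMAIL, "anything"))  # True
    print("fixed, same input:", login_fixed(conn, UNION_EMAIL, "anything"))  # False
    print("fixed, real credentials:",
          login_fixed(conn, "admin@example.com", "correct horse battery staple"))  # True
```

The UNION row is returned by the vulnerable query even though no stored account matches, which is exactly the authentication bypass the record describes; the parameterized version treats the same bytes as an email address that does not exist.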
