| Title | phpgurukul Small CRM in PHP 1 SQL Injection |
|---|
| Description | In the file 'index.php' located at '/crm/admin/index.php' in parameter 'email=', there is a possibility of performing SQL injection on the 'email=' parameter. This allows attackers to inject malicious SQL code into the query. For example, if the 'email=' parameter is set to:
For boolean-based blind
Payload: email=admin' AND 9339=9339 AND 'pBtA'='pBtA&password=admin&login= |
|---|
| Source | ⚠️ https://phpgurukul.com/small-crm-php/ |
|---|
| User | Havook (UID 71104) |
|---|
| Submission | 12/26/2024 08:45 PM (1 Year ago) |
|---|
| Moderation | 12/28/2024 09:35 AM (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 289662 [PHPGurukul Small CRM 1.0 /admin/index.php email sql injection] |
|---|
| Points | 20 |
|---|