Submit #473143: Code-projects Chat System 1.0 SQL Injectioninfo

TitleCode-projects Chat System 1.0 SQL Injection
DescriptionBecause the id parameter is not sanitized or parameterized, an attacker can inject malicious SQL code to manipulate the database query. By leveraging time-based SQL injection techniques, an attacker can induce deliberate delays in the database response using functions like SLEEP(). This can be used to confirm the presence of the vulnerability and potentially extract sensitive information from the database.
Source⚠️ https://github.com/Sinon2003/cve/blob/main/sql_inject1.md
User
 Rorochan (UID 79656)
Submission01/01/2025 09:35 AM (2 months ago)
Moderation01/02/2025 09:32 AM (24 hours later)
StatusAccepted
VulDB Entry289938 [code-projects Chat System 1.0 /admin/deleteuser.php id sql injection]
Points20