| Title | SQL Injection in Employee Payslip Generator System 1.2.0 |
|---|---|
| Description | An attacker authenticated as an administrator can inject SQL commands when creating new users, starting from version 1.2.0 of the Employee Payslip software, which can lead to password leaks and improper access to other existing accounts in the system. PoC blog: https://blog.0xgabe.com/?p=90 References: https://portswigger.net/web-security/sql-injection, https://owasp.org/www-community/attacks/SQL_Injection |
| Source | ⚠️ https://www.sourcecodester.com/php/16264/updated-employee-payslip-generator-sending-mail-using-php-and-gmail-smtp.html |
| User | Anonymous User |
| Submission | 11/03/2023 07:40 PM (3 years ago) |
| Moderation | 12/03/2023 08:16 AM (13 hours later) |
| Status | Accepted |
| VulDB Entry | 222863 [SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 New User Creation classes/Users.php?f=save username SQL injection] |
| Points | 20 |