Submit #100518: SQL Injection in Employee Payslip Generator System 1.2.0

Information

Title: SQL Injection in Employee Payslip Generator System 1.2.0
Description: An attacker authenticated as an administrator can inject SQL commands when creating new users, starting from version 1.2.0 of the Employee Payslip software, which can lead to password leaks and improper access to other existing accounts in the system.
PoC blog: https://blog.0xgabe.com/?p=90
References: https://portswigger.net/web-security/sql-injection https://owasp.org/www-community/attacks/SQL_Injection
Source: ⚠️ https://www.sourcecodester.com/php/16264/updated-employee-payslip-generator-sending-mail-using-php-and-gmail-smtp.html
User: Anonymous User
Submit: 11/03/2023 07:40 PM (3 years ago)
Moderation: 12/03/2023 08:16 AM (13 hours later)
Status: Accepted
VulDB Entry: 222863 [SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 New User Creation classes/Users.php?f=save username SQL injection]
Points: 20