| عنوان | Online Computer and Laptop Store SQL injection exists at order deletion point |
|---|
| الوصف | This project is entitled Online Computer and Laptop Store. This web application was developed to provide an online platform for a certain computer store or business possible customers for exploring and ordering the products.Version number: v1.0
Source code online address:https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
In the backend of the system, there is an order management function where you can delete system orders. When deleting, it is done based on the order ID. However, it was not pre compiled. There is also no filtering of user input content, and there is SQL injection. Malicious users can splice SQL statements to cause harm to the platform. |
|---|
| المصدر | ⚠️ https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/3-SQL%20injection%20exists%20at%20order%20deletion%20point.pdf |
|---|
| المستخدم | ddea (UID 38989) |
|---|
| ارسال | 11/04/2023 05:27 PM (3 سنوات منذ) |
|---|
| الاعتدال | 11/04/2023 06:40 PM (1 hour later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 225534 [SourceCodester Online Computer and Laptop Store 1.0 master.php?f=delete_order معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|