| عنوان | XSot TimeMail ≤v1.1 SQL Injection |
|---|
| الوصف | The TimeMail application, specifically in versions up to and including 1.1, contains a SQL Injection vulnerability within the check.php file, where the 'c' parameter, which is meant to represent a code, is improperly sanitized before being used in a database query, allowing an attacker to manipulate the query and potentially interact with the database in unauthorized ways, such as by injecting a sleep(5) command to cause a deliberate delay and confirm the vulnerability. |
|---|
| المصدر | ⚠️ https://note.zhaoj.in/share/VSutvlpgCJkD |
|---|
| المستخدم | glzjin (UID 59815) |
|---|
| ارسال | 06/01/2024 06:49 AM (2 سنوات منذ) |
|---|
| الاعتدال | 09/01/2024 02:55 PM (3 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 250112 [soxft TimeMail حتى 1.1 check.php c حقن SQL] |
|---|
| النقاط | 20 |
|---|