| عنوان | Taokeyun Taokeyun ≤1.0.5 SQL Injection |
|---|
| الوصف | The Taokeyun software, version 1.0.5 and below, has been identified with a SQL Injection vulnerability. This vulnerability resides in the 'Drs.php' file within the 'login' function where user input parameter 'cid' is directly concatenated into a SQL query. This insecure practice allows an attacker to manipulate the SQL query by injecting malicious payloads, such as 'or sleep(5)', leading to potential unauthorized access to sensitive data. This vulnerability has been confirmed by the bug author, glzjin, and poses a serious risk to systems running the affected versions of the software. |
|---|
| المصدر | ⚠️ https://note.zhaoj.in/share/0KtyJccrP3Ba |
|---|
| المستخدم | glzjin (UID 59815) |
|---|
| ارسال | 11/01/2024 08:14 AM (2 سنوات منذ) |
|---|
| الاعتدال | 12/01/2024 12:11 PM (1 day later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 250585 [Taokeyun حتى 1.0.5 HTTP POST Request Drs.php index cid حقن SQL] |
|---|
| النقاط | 20 |
|---|