| عنوان | SourceCodester Employee Management System 1.0 SQL Injection |
|---|
| الوصف | A critical SQL injection vulnerability in the SourceCodester Employee Management System's cancel.php script allows attackers to manipulate SQL queries through the id parameter, potentially canceling all leave applications irrespective of their legitimacy. By crafting a malicious payload, such as "1 or 1=1", attackers can exploit this flaw, leading to chaos within the system and disrupting normal operations. Remediation involves implementing robust input validation, parameterized queries, and access controls to prevent unauthorized access and manipulation of sensitive data. |
|---|
| المصدر | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Leave%20Cancel%20SQL%20Injection.md |
|---|
| المستخدم | nochizplz (UID 64302) |
|---|
| ارسال | 24/02/2024 11:57 AM (2 سنوات منذ) |
|---|
| الاعتدال | 25/02/2024 07:30 PM (1 day later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 254725 [SourceCodester Employee Management System 1.0 /cancel.php معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|