| عنوان | boyiddha Automated-Mess-Management-System 1.0 SQL Injection |
|---|
| الوصف | The Automated-Mess-Management-System by boyiddha is susceptible to a SQL Injection flaw in its login functionality, enabling unauthorized access to the admin panel. By injecting crafted SQL queries through the 'useremail' parameter, attackers can bypass authentication, gaining elevated privileges without valid credentials. This issue poses a significant risk of unauthorized access to sensitive areas of the application. To mitigate the vulnerability, developers should implement stringent input validation, utilize parameterized queries, and enforce least privilege principles to limit access to sensitive functionalities. |
|---|
| المصدر | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20Login.md |
|---|
| المستخدم | nochizplz (UID 64302) |
|---|
| ارسال | 26/02/2024 04:53 PM (2 سنوات منذ) |
|---|
| الاعتدال | 07/03/2024 05:04 PM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 256049 [boyiddha Automated-Mess-Management-System 1.0 Login Page /index.php useremail حقن SQL] |
|---|
| النقاط | 20 |
|---|