| عنوان | boyiddha Automated-Mess-Management-System 1.0 SQL Injection |
|---|
| الوصف | The vulnerability in the Automated-Mess-Management-System's /member/view.php endpoint enables SQL Injection attacks. By injecting crafted SQL payloads into the 'date' parameter, attackers can manipulate SQL queries executed by the application. This could lead to unauthorized access to sensitive information, data leakage, or even complete database compromise. Remediating this issue involves implementing proper input validation and using parameterized queries to prevent SQL Injection attacks. Additionally, access controls should be enforced to limit user privileges and mitigate the impact of such vulnerabilities. |
|---|
| المصدر | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20member-view.php%20.md |
|---|
| المستخدم | nochizplz (UID 64302) |
|---|
| ارسال | 26/02/2024 05:14 PM (2 سنوات منذ) |
|---|
| الاعتدال | 07/03/2024 05:04 PM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 256050 [boyiddha Automated-Mess-Management-System 1.0 /member/view.php التاريخ حقن SQL] |
|---|
| النقاط | 20 |
|---|