| عنوان | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 SQL Injection |
|---|
| الوصف | The Online College Event Hall Reservation System demonstrates a significant SQL Injection vulnerability within its `/admin/update-rooms.php` script. This vulnerability arises from the application's handling of the `room_id` parameter, where user input is directly incorporated into an SQL query without proper sanitization or preparation. As shown in the provided proof of concept, attackers can exploit this flaw to execute arbitrary SQL commands, such as delaying the server response with a `sleep(5)` function. This issue highlights the critical need for using parameterized queries or other secure coding practices to protect the database from SQL Injection attacks, ensuring the integrity and security of the application's data. |
|---|
| المصدر | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20update-rooms.php.md |
|---|
| المستخدم | nochizplz (UID 64302) |
|---|
| ارسال | 08/03/2024 05:37 AM (2 سنوات منذ) |
|---|
| الاعتدال | 15/03/2024 05:29 PM (7 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 256965 [MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/update-rooms.php room_id حقن SQL] |
|---|
| النقاط | 20 |
|---|