| Title | SourceCodester Simple Student Attendance System using PHP and MySQL 1.0 Cross Site Scripting |
|---|---|
| Description | The vulnerability exists in the student_form.php file at line 6, where the id parameter is accepted without proper sanitization and validation. This id parameter is subsequently passed to the get_student() function located in actions.class.php at line 127. Due to insufficient input validation, this allows for SQL Injection attacks that indeed lead to XSS in the student_form.php file at line 22. |
| Source | ⚠️ https://docs.google.com/document/d/1tl9-EAxUR64Og9zS-nyUx3YtG1V32Monkvq-h39tjpw/edit?usp=sharing |
| User | R0ck3t (UID 70759) |
| Submission | 18/06/2024 08:16 PM (2 years ago) |
| Moderation | 20/06/2024 07:26 PM (2 days later) |
| Status | Accepted |
| VulDB Entry | 269276 [SourceCodester Simple Student Attendance System 1.0 student_form.php get_student id cross site scripting] |
| Points | 20 |