| Title | SourceCodester E-Commerce Website 1.0 SQL Injection |
|---|---|
| Description | Title: SQL Injection Vulnerability in /Admin/registration.php Endpoint<br>Summary: A SQL injection vulnerability has been discovered in the https://www.sourcecodester.com/php/14211/online-art-gallery-management-system-project-using-phpmysql.html (/Admin/registration.php) endpoint of a web application. The vulnerability exists in the username field, where user input is not properly sanitized, allowing an attacker to inject malicious SQL queries. This can lead to unauthorized access, database extraction, or other malicious actions, depending on the exploitation method used.<br>Vulnerable Endpoint: /Admin/registration.php<br>Vulnerable parameter: fname<br>Vulnerable Field: Username field<br>Detailed POC in advisory |
| Source | https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Online-Art-Gallary-Management-System-onlinadvisory-sqli.md |
| User | guru (UID 74056) |
| Submission | 26/08/2024 01:48 PM (2 years ago) |
| Moderation | 27/08/2024 02:34 PM (1 day later) |
| Status | Accepted |
| VulDB Entry | 275926 [SourceCodester E-Commerce Website 1.0 /Admin/registration.php fname SQL injection] |
| Points | 20 |