| عنوان | Complaint Management System V1.0 SQL Injection |
|---|
| الوصف | A severe SQL Injection vulnerability has been identified in the /admin/state.php file of the Phpgurukul Complaint Management System v1.0. This flaw allows attackers to inject malicious SQL code through the state parameter without requiring any form of authentication, potentially leading to unauthorized data access, data manipulation, and complete system compromise.The vulnerability arises because the application directly embeds user-supplied input from the state parameter into SQL queries without implementing adequate sanitization or validation mechanisms. This oversight permits attackers to manipulate the SQL query structure by injecting malicious code, thereby executing unintended database operations. |
|---|
| المصدر | ⚠️ https://github.com/AngrySheep2003/cve/blob/main/Complaint_Management_System_SQL_Injection.md |
|---|
| المستخدم | angrysheep (UID 79486) |
|---|
| ارسال | 26/12/2024 11:21 AM (1 سنة منذ) |
|---|
| الاعتدال | 26/12/2024 06:12 PM (7 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 289353 [PHPGurukul Complaint Management System 1.0 /admin/state.php state حقن SQL] |
|---|
| النقاط | 20 |
|---|