| عنوان | Event Management System V1.0 sql |
|---|
| الوصف | A critical SQL injection vulnerability has been identified in the Event Management System In PHP With Source Code (v1.0). Attackers can exploit the title parameter within /contact.php to inject malicious SQL code, potentially gaining full access to the underlying database. Immediate remediation is strongly advised.
Insufficient user input validation of the title parameter allows direct injection of malicious payloads into SQL queries.
Potential Consequences
Unauthorized Database Access: Attackers may read or modify protected information.
Data Leakage: Sensitive records (e.g., customer info) can be exposed.
Data Tampering: Malicious actors can create, update, or delete records.
Operational Disruption: System downtime or service interruption. |
|---|
| المصدر | ⚠️ https://github.com/T3rm1n4L-LYC/Vuldb/blob/main/SQL_Injection_in_Event_Management_System.md |
|---|
| المستخدم | T3rm1n4L (UID 79535) |
|---|
| ارسال | 27/12/2024 05:53 PM (1 سنة منذ) |
|---|
| الاعتدال | 28/12/2024 10:02 AM (16 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 289668 [Codezips Event Management System 1.0 /contact.php عنوان حقن SQL] |
|---|
| النقاط | 20 |
|---|