| عنوان | Code-projects Chat System 1.0 Improper Access Controls |
|---|
| الوصف | Chat System allows attackers to perform unauthorized actions through this interface. Due to the lack of session authentication and other security measures, attackers can execute SQL injection and arbitrary room deletion.
(Parameter key-value: id=4' or sleep(5)#&del=1) (SQL injection)
(Parameter key-value: id={value}&del=1) (`value` represents the `id`, allowing unauthorized enumeration and deletion) |
|---|
| المصدر | ⚠️ https://github.com/Sinon2003/cve/blob/main/chatsystem/unauthorized.md |
|---|
| المستخدم | Rorochan (UID 79656) |
|---|
| ارسال | 01/01/2025 12:00 PM (1 سنة منذ) |
|---|
| الاعتدال | 02/01/2025 09:32 AM (22 hours later) |
|---|
| الحالة | مكرر |
|---|
| إدخال VulDB | 289939 [code-projects Chat System 1.0 /admin/deleteroom.php معرف حقن SQL] |
|---|
| النقاط | 0 |
|---|