| Title | needyamin Library-Card-System 1.0 SQL Injection |
|---|
| Description | SQL Injection Vulnerability Found By Maloy Roy Orko In The Admin Panel Of Library-Card-System 1.0 (Vendor: Needyamin). The Admin Panel (admin.php) Can Be Bypassed Via SQL Injection Admin Bypass Payloads Which Make The Backend Login Checking Condition True And Let Us Login Without Correct Credentials.
Vulnerable Product Link: https://github.com/needyamin/Library-Card-System/
Vendor Link: https://github.com/needyamin/
Vendor: needyamin
Product Name: Library-Card-System
Type: Library-Card-System
Title of the Vulnerability: Library-Card-System | SQL Injection Admin Login Bypass In admin.php | Found By Maloy Roy Orko
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: SQL Injection
Product Name: Library-Card-System
Affected Components: /admin.php
Suggested Description:
SQL Injection in "admin.php" in "Library-Card-System application By needyamin v 1.0" Found By "Maloy Roy Orko" allows "remote" attacker "to bypass admin login check & login into admin panel as no validations are provided" via "admin/gallery.php".
Attack Vectors:
To exploit the vulnerability, he has to put SQL Injection Admin Bypass Payloads in /admin.php. Thus, the attacker can gain access to the Admin Panel!
Detailed Blog:
https://www.websecurityinsights.my.id/2025/01/library-card-system-admin-login-bypass.html?m=1 |
|---|
| Source | ⚠️ https://www.websecurityinsights.my.id/2025/01/library-card-system-admin-login-bypass.html?m=1 |
|---|
| User | MaloyRoyOrko (UID 79572) |
|---|
| Submission | 20/01/2025 01:31 AM (1 year ago) |
|---|
| Moderation | 29/01/2025 04:38 PM (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 293999 [needyamin Library Card System 1.0 Login admin.php email/password SQL injection] |
|---|
| Points | 20 |
|---|