إرسال #489192: Codezips Gym Management System in PHP with Source Code V1.0 SQL Injectionالمعلومات

عنوانCodezips Gym Management System in PHP with Source Code V1.0 SQL Injection
الوصفA critical SQL injection vulnerability exists in the rname parameter within /dashboard/admin/saveroutine.php. Attackers can inject arbitrary SQL code via specially crafted values, bypassing input validation. This could lead to unauthorized database access, data manipulation, and potentially full system compromise. Database Compromise: Attackers can read, modify, or delete data. Data Leakage: Sensitive customer/payment information could be exposed. System Interruption: Malicious queries may degrade performance or crash the application. Privilege Escalation: Potential elevation of privileges leading to broader system takeover.
المصدر⚠️ https://github.com/wizdzz/CVE/issues/1
المستخدم
 Wizdzz (UID 80753)
ارسال25/01/2025 03:43 AM (1 سنة منذ)
الاعتدال30/01/2025 04:04 PM (6 days later)
الحالةتمت الموافقة
إدخال VulDB294126 [Codezips Gym Management System 1.0 saveroutine.php rname حقن SQL]
النقاط20

التالي نظرة عامة السابق

Do you know our Splunk app?

Download it now for free!