| عنوان | Needyamin Library-Card-System 1.0 SQL Injection |
|---|
| الوصف | Title of the Vulnerability: Needyamin | Library-Card-System 1.0 | card.php?id= SQL Injection | Found By Maloy Roy Orko
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: SQL Injection
Product Name: Library-Card-System
Vendor:
needyamin
Vendor Link:
https://github.com/needyamin/
Vulnerable Product Link: https://github.com/needyamin/Library-Card-System/
Affected Components:
ID Parameters
Suggested Description:
SQL Injection in "id parameter" in "Library-Card-System By needyamin v 1.0" allows "remote" attacker "to dump database as this isn't protected" via "card.php?id="
Attack Vectors:
To exploit vulnerability,he has to input exploits via parameters and then he can dump whole database.
Detailed Blog:
https://www.websecurityinsights.my.id/2025/02/needyamin-library-card-system-10.html |
|---|
| المصدر | ⚠️ https://www.websecurityinsights.my.id/2025/02/needyamin-library-card-system-10.html |
|---|
| المستخدم | MaloyRoyOrko (UID 79572) |
|---|
| ارسال | 06/02/2025 04:38 PM (1 سنة منذ) |
|---|
| الاعتدال | 15/02/2025 04:30 PM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 295964 [needyamin Library Card System 1.0 card.php معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|