| عنوان | code-projects Real Estate Property ManagementSystem v1.0 php SQL Injection |
|---|
| الوصف | In search.php. An unrestricted SOL injection attack exists in an Real Estate Property Management System. Theparameters that can be controlled are as follows: $stateName parameter . This function executesthe id parameter into the SOL statement without any restrictions. A malicious attacker couldexploit this vulnerability to obtain sensitive information in the server database. |
|---|
| المصدر | ⚠️ https://github.com/1337g/realestatepropertymanagement_poc/blob/main/sql-gu2.pdf |
|---|
| المستخدم | 1337gu (UID 80869) |
|---|
| ارسال | 12/02/2025 06:13 PM (1 سنة منذ) |
|---|
| الاعتدال | 16/02/2025 03:17 PM (4 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 295983 [code-projects Real Estate Property Management System 1.0 /search.php StateName/CityName/AreaName/CatId حقن SQL] |
|---|
| النقاط | 20 |
|---|