| عنوان | SQL injection vulnerability in Sports Club Management System |
|---|
| الوصف | Enter admin1/admin1 to enter the background,Click payment, and then add payment。Enter MEMBERSHIP ID,MEMBERSHIP ID is the SQL injection parameter。In admin/make_ Payments.php, at line 119, the information entered by the user is submitted to submit_ Payments.php, follow up the code, and we can see that the m entered by the user_ The ID is assigned to $memID. Without any filtering, it is directly inserted into the database for query, and the query results are returned, causing SQL injection vulnerabilities。The SQL injection vulnerability is due to the data submitted by the user, which is directly brought into the database without filtering and executed SQL statements,SQL injection vulnerability can obtain database sensitive information。 |
|---|
| المصدر | ⚠️ https://github.com/shreyansh225/Sports-Club-Management-System/issues/6 |
|---|
| المستخدم | ace. (UID 34853) |
|---|
| ارسال | 16/11/2022 08:18 AM (4 سنوات منذ) |
|---|
| الاعتدال | 16/11/2022 08:55 AM (37 minutes later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 213789 [Sports Club Management System 119 admin/make_payments.php m_id/plan حقن SQL] |
|---|
| النقاط | 20 |
|---|