| Title | itsourcecode Agri-Trading Online Shopping System V1.0 SQL Injection |
|---|---|
| Description | During security testing of the "Agri-Trading Online Shopping System", a critical unauthenticated SQL injection vulnerability was identified in the "/admin/suppliercontroller.php" file. This vulnerability originates from a complete lack of input validation on the 'supplier' parameter. Attackers can directly inject malicious SQL queries through this parameter without requiring any authentication or valid credentials. The vulnerability poses an immediate threat to system security as it can be exploited remotely without any prior access requirements. Urgent remediation is necessary to prevent potential data breaches and system compromise. |
| Source | https://github.com/Sp1d3rL1/CVE/issues/7 |
| User | sp1d3r (UID 77907) |
| Submission | 01/07/2025 03:22 PM (10 months ago) |
| Moderation | 07/07/2025 10:40 AM (6 days later) |
| Status | Approved |
| VulDB entry | 315132 [itsourcecode Agri-Trading Online Shopping System up to 1.0 suppliercontroller.php supplier SQL injection] |
| Points | 20 |