| عنوان | code-projects Web-Based Inventory and POS System 1.0 SQL Injection |
|---|
| الوصف | SQL injection allows attackers to read, modify or delete sensitive data, bypass authentication, execute system commands and cause data breaches that result in legal and financial damage.
In the transaction.php file of pos-system, the shopid parameters are obtained, and the SQL statement is concatenated to the SQL statement without filtering the execution, resulting in SQL injection vulnerabilities and server permissions |
|---|
| المصدر | ⚠️ https://github.com/asd1238525/cve/blob/main/SQL7.md |
|---|
| المستخدم | LT202108729 (UID 90406) |
|---|
| ارسال | 01/10/2025 10:17 AM (9 أشهر منذ) |
|---|
| الاعتدال | 07/10/2025 02:57 PM (6 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 327368 [code-projects Web-Based Inventory and POS System 1.0 /transaction.php shopid حقن SQL] |
|---|
| النقاط | 20 |
|---|