Submit #671506: code-projects Project Monitoring System V1 SQL Injection

Info

Title: code-projects Project Monitoring System V1 SQL Injection
Description: A high-severity SQL injection vulnerability was discovered in the /useredit.php component of the "Project Monitoring System". The root cause is the improper neutralization of special elements used in an SQL command, specifically within the uid parameter. This vulnerability is easily exploitable by a remote attacker without requiring prior authentication. A successful attack would grant the malicious actor direct, unfettered access to the backend database. This could result in the complete exfiltration of sensitive information, such as user login credentials, personally identifiable information (PII), and proprietary project data. Beyond data theft, the attacker could manipulate or destroy critical data, disrupting business operations and compromising the integrity of all information managed by the system. Given the low complexity of the attack and the high impact on confidentiality and integrity, this vulnerability requires immediate remediation.
Source: ⚠️ https://github.com/tiancesec/CVE/issues/8
User: Hacking in SHU (UID 91413)
Submission: 08/10/2025 05:24 PM (7 months ago)
Moderation: 10/10/2025 01:49 PM (2 days later)
Status: Accepted
VulDB Entry: 327907 [code-projects Project Monitoring System 1.0 /useredit.php uid SQL injection]
Points: 20