| عنوان | CLTPHP Content Management System v3.0 SQL Injection |
|---|
| الوصف | A system were found to have Boolean-Based Blind SQL Injection vulnerabilities, which arise from insufficient validation and sanitization of user-controlled parameters. Boolean-Based Blind SQL Injection leverages differences in application responses (e.g., page behavior, implicit feedback) to infer the validity of injected SQL conditions—without relying on explicit error messages.Attackers can exploit these vulnerabilities to:Extract sensitive database information (e.g., database name, table/column structures, user credentials like hashed passwords).Manipulate or delete database data (e.g., alter user permissions, erase business records) if the database account has write privileges.Bypass authentication (e.g., forge valid login logic via injected conditions) to gain unauthorized system access.Disrupt service continuity (e.g., corrupt critical data tables) or execute further attacks (e.g., lateral movement in internal networks). |
|---|
| المصدر | ⚠️ https://github.com/1276486/CVE/issues/17 |
|---|
| المستخدم | Zre0x1c (UID 89206) |
|---|
| ارسال | 14/10/2025 04:59 PM (8 أشهر منذ) |
|---|
| الاعتدال | 26/10/2025 06:21 AM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 329919 [CLTPHP 3.0 /home/search.html keyword حقن SQL] |
|---|
| النقاط | 20 |
|---|