| عنوان | sourcecodester Survey Application System 1.0 SQL Injection |
|---|
| الوصف | view_survey.php directly interpolates $_GET['id'] into an SQL statement without validation or prepared statements. An attacker controlling the id parameter can inject SQL that does not return visible differences but creates measurable delays on the database server. This enables time-based blind SQL injection. The vulnerability is exploitable remotely and without authentication. |
|---|
| المصدر | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Survey%20Application%20System%202%20.md |
|---|
| المستخدم | lakshay12311 (UID 91298) |
|---|
| ارسال | 26/10/2025 10:48 AM (6 أشهر منذ) |
|---|
| الاعتدال | 12/11/2025 01:43 PM (17 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 332187 [SourceCodester Survey Application System 1.0 /view_survey.php معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|