| عنوان | itsourcecode News Portal Project v1.0 SQL Injection |
|---|
| الوصف | During the security review of the News Portal Project, a critical SQL injection vulnerability was identified in the **`/admin/index.php`** file. The application directly incorporates user-supplied input into an SQL query without proper validation or the use of prepared statements. As a result, attackers can inject malicious SQL queries through the **username/email parameter** used in the administrator login function.
Successful exploitation of this vulnerability may allow attackers to bypass authentication and gain unauthorized access to sensitive administrative information. Immediate remediation is required to mitigate the risk and ensure the security and integrity of the system and its data. |
|---|
| المصدر | ⚠️ https://github.com/wan1yan/cve/issues/2 |
|---|
| المستخدم | wanyan (UID 95221) |
|---|
| ارسال | 06/02/2026 12:50 PM (3 أشهر منذ) |
|---|
| الاعتدال | 08/02/2026 05:07 PM (2 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 344942 [itsourcecode News Portal Project 1.0 Administrator Login /admin/index.php email حقن SQL] |
|---|
| النقاط | 20 |
|---|