Submission #774341: code-projects Simple Food Ordering System in PHP 1.0 SQL Injection

Information

Title: code-projects Simple Food Ordering System in PHP 1.0 SQL Injection
Description: The Simple Food Ordering System in PHP is vulnerable to a time-based blind SQL injection through the status parameter of the all-tickets.php endpoint. The application does not validate or sanitize this user-supplied input before incorporating it into SQL queries, so an attacker can inject SQL statements through the status parameter. Using time-delay functions such as SLEEP(), an attacker can confirm the presence of the injection and potentially extract sensitive information from the backend database. The vulnerability is triggered by sending a specially crafted HTTP request containing a time-based SQL payload: when the application processes it, the database executes the injected SLEEP() call and the server response is delayed, which confirms that the query runs without proper input validation. Successful exploitation could allow an attacker to enumerate the database structure, extract sensitive information, bypass authentication mechanisms, and manipulate database contents.
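The flaw described above is the usual pattern of splicing a request parameter into the text of a query. As an added example that is not code from the Simple Food Ordering System project (the real all-tickets.php is not on this page, and the table name, column names and the set of valid status values are assumptions for illustration), here is that pattern beside the prepared-statement form that removes the injection, combined with the server-side allow-list check a status filter normally also warrants:

```php
<?php
// Added example, not the project's own all-tickets.php. Table `tickets`, its columns
// and the list of valid statuses are assumed values for illustration only.

// Vulnerable pattern: the request parameter becomes part of the SQL text, so the
// database parses whatever the client sent as SQL (the defect the advisory describes).
function listTicketsVulnerable(PDO $db, string $status): array
{
    $sql = "SELECT id, customer, status FROM tickets WHERE status = '" . $status . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the value is bound as a parameter and never concatenated into the
// query text, and it is additionally checked against an allow-list of known statuses,
// which rejects time-based probes before they ever reach the database.
const VALID_STATUSES = ['open', 'pending', 'closed']; // assumed set of statuses

function listTicketsSafe(PDO $db, string $status): array
{
    if (!in_array($status, VALID_STATUSES, true)) {
        throw new InvalidArgumentException('unknown ticket status');
    }
    $stmt = $db->prepare('SELECT id, customer, status FROM tickets WHERE status = :status');
    $stmt->bindValue(':status', $status, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Self-contained demo on an in-memory SQLite database with constructed sample rows,
// so the hardened path can be exercised without the application's MySQL schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, customer TEXT, status TEXT)');
$db->exec("INSERT INTO tickets (customer, status) VALUES ('alice', 'open'), ('bob', 'closed')");

// In the web application this would be the value of the status request parameter.
$status = $_GET['status'] ?? 'open';
print_r(listTicketsSafe($db, $status));
```

On a MySQL deployment such as the one the application targets, also set PDO::ATTR_EMULATE_PREPARES to false on the connection so that binding happens server-side rather than by client-side string substitution; the allow-list check is the second, independent layer and is what turns an injection attempt into a logged 400-class error instead of a slow database round trip.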
Source: https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/SQL%20Injection%20(Time-Based%20Blind)Simple%20Food%20Ordering%20System%20in%20PHP.md?plain=1
User: AhmadMarzouk (UID 95993)
Submitted: 07/03/2026 12:19 AM (2 months ago)
Moderated: 21/03/2026 09:03 AM (14 days later)
Status: Approved
VulDB entry: 352321 [code-projects Simple Food Ordering System 1.0 all-tickets.php status SQL injection]
Points: 20
