| عنوان | 1000 Projects portfolio-management-system v1.0 SQL Injection |
|---|
| الوصف | A critical SQL injection vulnerability exists in 1000project `admin/block_status.php` and `admin/unblock_me.php`. The vulnerability allows an attacker to inject malicious SQL code through base64-encoded parameters, enabling unauthorized modification of user account status.
**Key Characteristics:**
- **Attack Vector**: Base64 encoded parameter injection
- **Impact**: Unauthorized user account status modification
- **Authentication**: Requires admin session (but can be bypassed)
The vulnerability stems from directly concatenating base64-decoded user input into SQL statements without any parameterization or validation. |
|---|
| المصدر | ⚠️ https://github.com/9str0IL/CVE/issues/3 |
|---|
| المستخدم | 9str0il (UID 97218) |
|---|
| ارسال | 10/04/2026 04:59 AM (18 أيام منذ) |
|---|
| الاعتدال | 26/04/2026 09:47 PM (17 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 359742 [1000 Projects Portfolio Management System MCA حتى 1.0 /admin/block_status.php q حقن SQL] |
|---|
| النقاط | 20 |
|---|