إرسال #855969: code-projects Online Job Portal System V1.0 SQL Injectionالمعلومات

عنوانcode-projects Online Job Portal System V1.0 SQL Injection
الوصفDuring a security review of "Online Job Portal System", a UNION-based SQL injection vulnerability was discovered in /Admin/EditUser.php. The UserId GET parameter is injected directly into a SELECT query with no sanitization. The query result is rendered into editable HTML form fields, making injected column values immediately visible and extractable via standard HTTP responses. This endpoint requires no authentication, and when combined with the other SQL injection vulnerabilities in the same project, provides the most straightforward path to full database extraction and credential theft, including plaintext administrator passwords.
المصدر⚠️ https://github.com/shihuizhang-dazhi/MY-CVE/issues/3
المستخدم
 dazhi (UID 87857)
ارسال11/06/2026 12:30 PM (1 شهر منذ)
الاعتدال13/07/2026 11:19 PM (1 month later)
الحالةتمت الموافقة
إدخال VulDB378165 [code-projects Online Job Portal 1.0 /Admin/EditUser.php UserId حقن SQL]
النقاط20

Do you want to use VulDB in your project?

Use the official API to access entries easily!