| Title | SQL Injection in Employee Payslip Generator System 1.2.0 |
|---|---|
| Description | An attacker authenticated as an administrator can inject SQL commands when creating new users, starting from version 1.2.0 of the Employee Payslip software, which can lead to password leaks and improper access to other existing accounts in the system.<br>PoC blog: https://blog.0xgabe.com/?p=90<br>References:<br>https://portswigger.net/web-security/sql-injection<br>https://owasp.org/www-community/attacks/SQL_Injection |
| Source | ⚠️ https://www.sourcecodester.com/php/16264/updated-employee-payslip-generator-sending-mail-using-php-and-gmail-smtp.html |
| User | Anonymous User |
| Submission | 11.03.2023 19:40 (3 years ago) |
| Moderation | 12.03.2023 08:16 (13 hours later) |
| Status | Accepted |
| VulDB Entry | 222863 [SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 New User Creation classes/Users.php?f=save Username SQL Injection] |
| Points | 20 |