| Titel | SQL Database Error could lead to SQL Injection in minical v1.0.0 |
|---|
| Beschreibung | # VULNERABILITY-TYPE : Unchecked Error Condition
# VENDOR OF THE PRODUCT : minical
# AFFECTED PRODUCT : minical/minical
# VERSION: v1.0.0
# ATTACK TYPE : REMOTE
# IMPACT: CODE EXECUTION
# AFFECTED COMPONENTS: SOURCE-CODE(show_bookings)
# ATTACK VECTOR: show_bookings(search_query)
# DESCRIPTION: Minical ,an open-source PMS v1.0.0 suffers from Unchecked Error Condition via search_query
# Vendor Homepage: https://github.com/minical/minical
# Software Link:https://github.com/minical/minical/archive/refs/tags/v1.0.0.zip
# REFERENCE:
1.) https://cwe.mitre.org/data/definitions/391.html
# PROOF_OF_CONCEPT
GITHUB_LINK: https://github.com/ctflearner/Vulnerability/blob/main/MINICAL/minical.md
|
|---|
| Quelle | ⚠️ https://github.com/minical/minical |
|---|
| Benutzer | Affan (UID 39417) |
|---|
| Einreichung | 09.06.2023 17:30 (vor 3 Jahren) |
|---|
| Moderieren | 18.06.2023 09:06 (9 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 231803 [miniCal 1.0.0 /booking/show_bookings/ search_query SQL Injection] |
|---|
| Punkte | 20 |
|---|