| Titel | SourceCodester Inventory Management System 1.0 has a SQL injection vulnerability in staff_data.php Software |
|---|
| Beschreibung | SourceCodester Inventory Management System 1.0 has a SQL injection vulnerability in staff_data.php
Software
Software: Inventory Management System 1.0
Software Link: https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html
Vulnerability Type: SQLi
Attack Type: Remote
Vendor of Product: Sourcecodester
Description
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. SourceCodester Inventory Management System 1.0 has a SQL injection vulnerability in staff_data.php. The manipulation of the argument columns%5B0%5D%5Bdata%5D leads to SQLi. Remote attackers can leverage this to affect any other users that visit that portion of the application.
https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/Inventory%20Management%20System%20SQLi%20staff_data.md |
|---|
| Quelle | ⚠️ https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/Inventory%20Management%20System%20SQLi%20staff_data.md |
|---|
| Benutzer | error404unknown (UID 53361) |
|---|
| Einreichung | 27.08.2023 05:32 (vor 3 Jahren) |
|---|
| Moderieren | 27.08.2023 08:07 (3 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 238159 [SourceCodester Inventory Management System 1.0 staff_data.php columns[0][data] SQL Injection] |
|---|
| Punkte | 20 |
|---|