Submit #269724: SMSot SMSot <=2.12 SQL Injectioninfo

TitelSMSot SMSot <=2.12 SQL Injection
BeschreibungThe 'get.php' file in the SMSot software version 2.12 and below, hosted on fours.smsot.com, is susceptible to SQL Injection attacks. This vulnerability exists due to the direct concatenation of the 'cid' parameter into the SQL query. An attacker can exploit this flaw by manipulating the 'cid' parameter in the HTTP GET request, potentially gaining unauthorized access to sensitive information from the database.
Quelle⚠️ https://note.zhaoj.in/share/vo1KOw3EYmBK
Benutzer
 glzjin (UID 59815)
Einreichung18.01.2024 10:40 (vor 2 Jahren)
Moderieren19.01.2024 12:25 (1 day later)
StatusAkzeptiert
VulDB Eintrag251557 [Smsot bis 2.12 /get.php tid SQL Injection]
Punkte19

ZurückÜbersichtWeiter

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!