| Titel | SourceCodester Employee Management System 1.0 SQL Injection |
|---|
| Beschreibung | A critical SQL injection vulnerability in the SourceCodester Employee Management System's cancel.php script allows attackers to manipulate SQL queries through the id parameter, potentially canceling all leave applications irrespective of their legitimacy. By crafting a malicious payload, such as "1 or 1=1", attackers can exploit this flaw, leading to chaos within the system and disrupting normal operations. Remediation involves implementing robust input validation, parameterized queries, and access controls to prevent unauthorized access and manipulation of sensitive data. |
|---|
| Quelle | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Leave%20Cancel%20SQL%20Injection.md |
|---|
| Benutzer | nochizplz (UID 64302) |
|---|
| Einreichung | 24.02.2024 11:57 (vor 2 Jahren) |
|---|
| Moderieren | 25.02.2024 19:30 (1 day later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 254725 [SourceCodester Employee Management System 1.0 /cancel.php ID SQL Injection] |
|---|
| Punkte | 20 |
|---|