| Titel | SourceCodester Sourcecodester Car Driving School Management System 1.0 SQL injection |
|---|
| Beschreibung | After receiving the id parameter passed in through the get method in the manage_package.php file, it is directly spliced into the SQL query statement for execution without any security filtering. An attacker can use this parameter to perform SQL injection to read arbitrary database information. |
|---|
| Quelle | ⚠️ https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20SQL%20Injection-3.md |
|---|
| Benutzer | BFS-Lab (UID 73306) |
|---|
| Einreichung | 10.08.2024 06:24 (vor 2 Jahren) |
|---|
| Moderieren | 10.08.2024 10:19 (4 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 274123 [SourceCodester Car Driving School Management System 1.0 manage_package.php ID SQL Injection] |
|---|
| Punkte | 18 |
|---|