| Titel | Event Management System V1.0 sql |
|---|
| Beschreibung | A critical SQL injection vulnerability has been identified in the Event Management System In PHP With Source Code (v1.0). Attackers can exploit the title parameter within /contact.php to inject malicious SQL code, potentially gaining full access to the underlying database. Immediate remediation is strongly advised.
Insufficient user input validation of the title parameter allows direct injection of malicious payloads into SQL queries.
Potential Consequences
Unauthorized Database Access: Attackers may read or modify protected information.
Data Leakage: Sensitive records (e.g., customer info) can be exposed.
Data Tampering: Malicious actors can create, update, or delete records.
Operational Disruption: System downtime or service interruption. |
|---|
| Quelle | ⚠️ https://github.com/T3rm1n4L-LYC/Vuldb/blob/main/SQL_Injection_in_Event_Management_System.md |
|---|
| Benutzer | T3rm1n4L (UID 79535) |
|---|
| Einreichung | 27.12.2024 17:53 (vor 1 Jahr) |
|---|
| Moderieren | 28.12.2024 10:02 (16 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 289668 [Codezips Event Management System 1.0 /contact.php Titel SQL Injection] |
|---|
| Punkte | 20 |
|---|