| Titel | Code-projects Chat System 1.0 Improper Access Controls |
|---|
| Beschreibung | Chat System allows attackers to perform unauthorized actions through this interface. Due to the lack of session authentication and other security measures, attackers can execute SQL injection and arbitrary room deletion.
(Parameter key-value: id=4' or sleep(5)#&del=1) (SQL injection)
(Parameter key-value: id={value}&del=1) (`value` represents the `id`, allowing unauthorized enumeration and deletion) |
|---|
| Quelle | ⚠️ https://github.com/Sinon2003/cve/blob/main/chatsystem/unauthorized.md |
|---|
| Benutzer | Rorochan (UID 79656) |
|---|
| Einreichung | 01.01.2025 12:00 (vor 1 Jahr) |
|---|
| Moderieren | 02.01.2025 09:32 (22 hours later) |
|---|
| Status | Duplikat |
|---|
| VulDB Eintrag | 289939 [code-projects Chat System 1.0 /admin/deleteroom.php ID SQL Injection] |
|---|
| Punkte | 0 |
|---|