| Titel | Code-projects travel-management-system v1.0 SQL Injection |
|---|
| Beschreibung | Due to the lack of purification or parameterization of PID parameters, attackers can inject malicious SQL code to manipulate database queries. By utilizing the SQL injection technique of UNION query, attackers can use functions such as UNION to directly query the fields required by the database. This can be used to confirm the existence of vulnerabilities and potentially extract sensitive information from the database. |
|---|
| Quelle | ⚠️ https://github.com/Huandtx/cve/blob/main/cve/sql1.md |
|---|
| Benutzer | huandtx (UID 79079) |
|---|
| Einreichung | 04.01.2025 06:56 (vor 1 Jahr) |
|---|
| Moderieren | 04.01.2025 20:45 (14 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 290225 [code-projects Travel Management System 1.0 /enquiry.php pid/t1/t2/t3/t4/t5/t6/t7 SQL Injection] |
|---|
| Punkte | 19 |
|---|