| Titel | Open source HMS-PHP has two SQL injection vulnerabilities |
|---|
| Beschreibung | The front end post requests to transfer the uname and pass to the back end and assign values to $username and $password respectively.
Without filtering, directly bring $username and $password into the database for verification with the username and password in the database.
However, the variable is controllable, and the account and password entered in the input box are brought into the database to execute SQL statements, resulting in SQL injection vulnerabilities. |
|---|
| Quelle | ⚠️ https://github.com/Pingkon/HMS-PHP/issues/1 |
|---|
| Benutzer | ace. (UID 34853) |
|---|
| Einreichung | 09.11.2022 07:51 (vor 4 Jahren) |
|---|
| Moderieren | 13.11.2022 09:26 (4 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 213551 [Pingkon HMS-PHP admin/adminlogin.php uname/pass SQL Injection] |
|---|
| Punkte | 20 |
|---|