| Title | Xianqi Soft Xianqi kindergarten management system v2.0 bulid20190808 SQL Injection |
|---|---|
| Description | There is a SQL injection vulnerability in stu_list.php of the Xianqi kindergarten management system. The affected functions are "child management" - "child archive" - "query". The URL is http://*.*.*.*/stu_list.php. Malicious attackers can obtain database permissions through this vulnerability after logging in to the system, and further exploitation can obtain server permissions. Vulnerability analysis: The "sex" parameter in stu_list.php is not filtered, and there is a SQL injection vulnerability. |
| Source | https://github.com/Upgradeextension/xianqi/blob/main/README.md |
| User | komorebi (UID 40027) |
| Submission | 08.04.2025 07:36 (1 year ago) |
| Moderation | 16.04.2025 03:13 (8 days later) |
| Status | Accepted |
| VulDB entry | 304973 [Xianqi Kindergarten Management System 2.0 Bulid 20190808 Child Management stu_list.php sex SQL Injection] |
| Points | 20 |