| Titel | sfturing hosporder v1.0 SQL Injection |
|---|
| Beschreibung | There is sql injection in the front desk, and attackers can execute sql statements without authorization. SQL injection vulnerabilities should be classified as extremely dangerous vulnerabilities. Attackers can perform operations such as querying and tampering with the database through SQL injection vulnerabilities, and even clear the entire database. On the system side, attackers can also execute system commands by combining SQL injection vulnerabilities with database extensions, and carry out dangerous operations such as implanting system backdoors through backup functions. |
|---|
| Quelle | ⚠️ https://github.com/sfturing/hosp_order/issues/108 |
|---|
| Benutzer | bi8bu (UID 84151) |
|---|
| Einreichung | 19.06.2025 09:34 (vor 12 Monaten) |
|---|
| Moderieren | 27.06.2025 08:02 (8 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 314080 [sfturing hosp_order bis 627f426331da8086ce8fff2017d65b1ddef384f8 OfficeServiceImpl.java getOfficeName officesName SQL Injection] |
|---|
| Punkte | 20 |
|---|