| Title | itsourcecode Agri-Trading Online Shopping System V1.0 SQL Injection |
|---|---|
| Description | During security testing of the "Agri-Trading Online Shopping System", a critical unauthenticated SQL injection vulnerability was identified in the "/admin/suppliercontroller.php" file. This vulnerability originates from a complete lack of input validation on the 'supplier' parameter. Attackers can directly inject malicious SQL queries through this parameter without requiring any authentication or valid credentials. The vulnerability poses an immediate threat to system security as it can be exploited remotely without any prior access requirements. Urgent remediation is necessary to prevent potential data breaches and system compromise. |
| Source | ⚠️ https://github.com/Sp1d3rL1/CVE/issues/7 |
| User | sp1d3r (UID 77907) |
| Submission | 01.07.2025 15:22 (10 months ago) |
| Moderation | 07.07.2025 10:40 (6 days later) |
| Status | Accepted |
| VulDB Entry | 315132 [itsourcecode Agri-Trading Online Shopping System up to 1.0 suppliercontroller.php supplier SQL Injection] |
| Points | 20 |