| Titel | CLTPHP Content Management System v3.0 SQL Injection |
|---|
| Beschreibung | A system were found to have Boolean-Based Blind SQL Injection vulnerabilities, which arise from insufficient validation and sanitization of user-controlled parameters. Boolean-Based Blind SQL Injection leverages differences in application responses (e.g., page behavior, implicit feedback) to infer the validity of injected SQL conditions—without relying on explicit error messages.Attackers can exploit these vulnerabilities to:Extract sensitive database information (e.g., database name, table/column structures, user credentials like hashed passwords).Manipulate or delete database data (e.g., alter user permissions, erase business records) if the database account has write privileges.Bypass authentication (e.g., forge valid login logic via injected conditions) to gain unauthorized system access.Disrupt service continuity (e.g., corrupt critical data tables) or execute further attacks (e.g., lateral movement in internal networks). |
|---|
| Quelle | ⚠️ https://github.com/1276486/CVE/issues/17 |
|---|
| Benutzer | Zre0x1c (UID 89206) |
|---|
| Einreichung | 14.10.2025 16:59 (vor 8 Monaten) |
|---|
| Moderieren | 26.10.2025 06:21 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 329919 [CLTPHP 3.0 /home/search.html keyword SQL Injection] |
|---|
| Punkte | 20 |
|---|