| Título | Open source HMS-PHP has two SQL injection vulnerabilities |
|---|
| Descripción | The front end post requests to transfer the uname and pass to the back end and assign values to $username and $password respectively.
Without filtering, directly bring $username and $password into the database for verification with the username and password in the database.
However, the variable is controllable, and the account and password entered in the input box are brought into the database to execute SQL statements, resulting in SQL injection vulnerabilities. |
|---|
| Fuente | ⚠️ https://github.com/Pingkon/HMS-PHP/issues/1 |
|---|
| Usuario | ace. (UID 34853) |
|---|
| Sumisión | 2022-11-09 07:51 (hace 4 años) |
|---|
| Moderación | 2022-11-13 09:26 (4 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 213551 [Pingkon HMS-PHP admin/adminlogin.php uname/pass inyección SQL] |
|---|
| Puntos | 20 |
|---|