| Título | code-projects Web-Based Inventory and POS System 1.0 SQL Injection |
|---|
| Descripción | SQL injection allows attackers to read, modify or delete sensitive data, bypass authentication, execute system commands and cause data breaches that result in legal and financial damage.
In the transaction.php file of pos-system, the shopid parameters are obtained, and the SQL statement is concatenated to the SQL statement without filtering the execution, resulting in SQL injection vulnerabilities and server permissions |
|---|
| Fuente | ⚠️ https://github.com/asd1238525/cve/blob/main/SQL7.md |
|---|
| Usuario | LT202108729 (UID 90406) |
|---|
| Sumisión | 2025-10-01 10:17 (hace 9 meses) |
|---|
| Moderación | 2025-10-07 14:57 (6 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 327368 [code-projects Web-Based Inventory and POS System 1.0 /transaction.php shopid inyección SQL] |
|---|
| Puntos | 20 |
|---|