Enviar #725820: BiggiDroid Simple-PHP-Blog 1.0 SQL Injectioninformación

TítuloBiggiDroid Simple-PHP-Blog 1.0 SQL Injection
DescripciónIn BiggiDroid Simple PHP CMS, admin/login.php concatenates the username and password directly into the SQL query without any sanitization. An attacker can type: xxx' OR '1'='1'-- in the password field, turning the entire WHERE clause into a always-true condition. This lets them log in to the admin panel without the correct password, achieving a “universal user” takeover.
Fuente⚠️ https://gitee.com/devilrunsun/mywork/issues/IDGMME
Usuario
 devil_run_sun (UID 93950)
Sumisión2025-12-29 14:05 (hace 3 meses)
Moderación2025-12-29 16:14 (2 hours later)
EstadoAceptado
Entrada de VulDB338657 [BiggiDroid Simple PHP CMS 1.0 Admin Login /admin/login.php Nombre de usuario inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!