| Título | code-projects Online Product Reservation System V1.0 SQL Injection |
|---|
| Descripción | A critical SQL injection vulnerability exists in the shopping cart update functionality. The application directly concatenates POST parameters into SQL UPDATE and SELECT queries without validation, allowing attackers to extract cart and product data. |
|---|
| Fuente | ⚠️ https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_checkout_update.php.md |
|---|
| Usuario | Ho Cherry (UID 94105) |
|---|
| Sumisión | 2026-01-03 17:39 (hace 4 meses) |
|---|
| Moderación | 2026-01-04 19:06 (1 day later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 339501 [code-projects Online Product Reservation System 1.0 Cart Update /app/checkout/update.php id/qty inyección SQL] |
|---|
| Puntos | 17 |
|---|