Enviar #782202: halex CourseSEL 1.1.0 SQL Injectioninformación

Títulohalex CourseSEL 1.1.0 SQL Injection
DescripciónA SQL Injection vulnerability exists in the CourseSEL system (a ThinkPHP 3.2 based application) due to the lack of parameterization and improper input sanitization in the Apps/Index/Controller/IndexController.class.php file. The check_sel method directly concatenates the user-supplied HTTP GET parameter seid into the SQL query string using the framework's where() method. An authenticated attacker with standard student privileges can exploit this vulnerability to trigger an Error-based SQL Injection, allowing them to bypass authorization, extract sensitive database schemas, and dump administrative credentials.
Fuente⚠️ https://github.com/zy606/Vulnerability-Report/tree/main/CourseSEL-SQLi
Usuario
 Zyyyy (UID 96412)
Sumisión2026-03-18 09:52 (hace 1 mes)
Moderación2026-04-04 08:42 (17 days later)
EstadoAceptado
Entrada de VulDB355290 [halex CourseSEL hasta 1.1.0 HTTP GET Parameter IndexController.class.php check_sel seid inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!