Enviar #786925: QueryMine sms 1.0 SQL Injection vulnerabilityinformación

TítuloQueryMine sms 1.0 SQL Injection vulnerability
DescripciónThe admin/editcourse.php file is responsible for handling the course editing function in the background management system. When querying course information, the code directly obtains the course ID from the GET request parameter id through $_GET['id'], and concatenates it into the SQL query statement SELECT * FROM course WHERE course_id='$get_course_id' without any input filtering, parameterization or escaping. This results in a SQL injection vulnerability. Attackers can construct malicious request parameters to execute arbitrary SQL statements, obtain sensitive data in the database (such as user credentials, course information), modify or delete data, and even gain server control in severe cases. In addition, the project does not enable the Issue function, making it impossible to submit vulnerability reports and repair suggestions to the project maintainers through the official repository.
Fuente⚠️ https://github.com/duckpigdog/CVE/blob/main/QueryMine_sms%20PHP%20Project%20Deployment%20Document%20(Windows%20Local)-2.md
Usuario
 yanxiao (UID 96717)
Sumisión2026-03-24 08:47 (hace 25 días)
Moderación2026-04-17 09:14 (24 days later)
EstadoAceptado
Entrada de VulDB358032 [QueryMine sms hasta 7ab5a9ea196209611134525ffc18de25c57d9593 GET Request Parameter admin/editcourse.php ID inyección SQL]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you need the next level of professionalism?

Upgrade your account now!