Enviar #855010: SourceCodester Online Book Store System 1.0 SQL Injection
| Título | SourceCodester Online Book Store System 1.0 SQL Injection |
|---|---|
| Descripción | The Online Book Store System v1.0 is vulnerable to SQL Injection in the administrative authentication functionality. The application fails to properly sanitize user-supplied input before incorporating it into backend SQL queries. An attacker can exploit this issue by supplying a crafted SQL payload in the username parameter during the login process. Using the payload: ' OR 1=1-- - and any arbitrary password, authentication can be bypassed successfully, resulting in unauthorized access to the administrative dashboard. Successful exploitation allows a remote unauthenticated attacker to obtain administrator-level access, potentially leading to complete compromise of application data, user information, administrative functions, and system integrity. Affected Component: Admin Login Page (admin/login.php) Vulnerability Type: SQL Injection (Authentication Bypass) Impact: * Administrative account takeover * Unauthorized access to sensitive data * Data manipulation and deletion * Full compromise of administrative functionality Vendor notified: Pending |
| Fuente | ⚠️ https:/ |
| Usuario | Gaurav kumar (UID 98267) |
| Sumisión | 2026-06-10 11:52 (hace 1 mes) |
| Moderación | 2026-07-12 20:00 (1 month later) |
| Estado | Aceptado |
| Entrada de VulDB | 377887 [SourceCodester Online Book Store System 1.0 admin/login.php Nombre de usuario inyección SQL] |
| Puntos | 20 |