| शीर्षक | keerti1924 PHP-MYSQL-User-Login-System 1.0 SQL Injection |
|---|
| विवरण | A SQL injection vulnerability was discovered in the login.php script of the PHP-MYSQL-User-Login-System developed by keerti1924. By injecting malicious SQL code via the 'email' parameter, attackers can bypass authentication and gain unauthorized access to the application. The flaw allows for the execution of a UNION SELECT statement, enabling retrieval of sensitive data. Notably, successful exploitation requires the 'password' parameter to match the hash of the injected password, exacerbating the risk of unauthorized access. |
|---|
| स्रोत | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20PHP-MYSQL-User-Login-System/SQLI%20Auth.md |
|---|
| उपयोगकर्ता | nochizplz (UID 64302) |
|---|
| सबमिशन | 25/02/2024 07:00 AM (2 साल पहले) |
|---|
| संयम | 07/03/2024 03:34 PM (11 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 256034 [keerti1924 PHP-MYSQL-User-Login-System 1.0 /login.php email SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|