जमा करें #563175: SourceCodester Stock Management System (SMS-PHP by oretnom23) 1.0 SQL Injectionजानकारी

शीर्षकSourceCodester Stock Management System (SMS-PHP by oretnom23) 1.0 SQL Injection
विवरण1. Vulnerability Overview Vulnerable Endpoint: /sms/classes/Login.php?f=login Vulnerable Parameter: username Issue Type: SQL Injection - Authentication Bypass Severity: High (Critical) – Unauthorized access can be gained to the system, leading to potential unauthorized actions. Software URL: https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html 2. Vulnerability Description The Stock Management System software contains a SQL Injection vulnerability on the login page that leads to an authentication bypass. This vulnerability is triggered by the improper sanitization of user inputs, specifically the username parameter. Attackers can exploit this flaw to bypass the authentication mechanism and gain access to the system with admin privileges.
स्रोत⚠️ https://github.com/th3w0lf-1337/Vulnerabilities/blob/main/SMS-PHP/SQLi/Auth-Bypass/info.md
उपयोगकर्ता
 Th3W0lf (UID 84351)
सबमिशन21/04/2025 08:03 PM (1 वर्ष पहले)
संयम05/05/2025 01:33 PM (14 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि307391 [SourceCodester/oretnom23 Stock Management System 1.0 Login.php?f=login उपयोगकर्ता नाम SQL इंजेक्शन]
अंक20

Do you want to use VulDB in your project?

Use the official API to access entries easily!