| शीर्षक | code-projects Human Resource Integrated System 1.0 SQL Injection |
|---|
| विवरण | The user and pass parameters in login.php are vulnerable to SQL injection due to the lack of proper sanitization and parameterization. This allows attackers to exploit the inputs using universal bypass payloads to gain unauthorized access to the application. Additionally, there are timing-based SQL injections, where attackers can leverage functions like SLEEP() to introduce intentional delays in database responses. This vulnerability enables attackers to extract sensitive information from the database and poses a significant risk to the security of the authentication system. |
|---|
| स्रोत | ⚠️ https://github.com/cooorgi/cve/blob/main/hris_sql_login.md |
|---|
| उपयोगकर्ता | cooorgi (UID 80520) |
|---|
| सबमिशन | 22/08/2025 08:13 PM (10 महीनों पहले) |
|---|
| संयम | 30/08/2025 06:47 PM (8 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 322041 [code-projects Human Resource Integrated System 1.0 /login.php user/pass SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|