| शीर्षक | projectworlds Advanced Library Management System 1 SQL Injection |
|---|
| विवरण | The view_member.php endpoint in Advanced Library Management System (V1.0) is vulnerable to SQL injection via the user_id GET parameter (boolean/time-based/UNION). It is exploitable without authentication, allowing attackers to enumerate and exfiltrate database contents or modify data. Immediate mitigations: apply WAF/rate-limiting and reduce DB privileges; permanent fix: validate inputs and use parameterized queries (prepared statements) and output-encode responses. |
|---|
| स्रोत | ⚠️ https://github.com/ChenGuangHuangHun/CVE/issues/4 |
|---|
| उपयोगकर्ता | chenguang (UID 91178) |
|---|
| सबमिशन | 02/10/2025 04:55 AM (7 महीनों पहले) |
|---|
| संयम | 08/10/2025 06:58 AM (6 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 327593 [projectworlds Advanced Library Management System 1.0 /view_member.php user_id SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|