| शीर्षक | SQL Injection in Login Page Calendar Event Management System 1.0 |
|---|
| विवरण | It was possible to execute SQL commands in the Calendar Event Management System application, in version 1.0, from two parameters on the login page, specifically "name" and "pwd". Enabling an unauthenticated attacker to collect sensitive information stored in the database.
Video PoC: https://www.youtube.com/watch?v=UsSZU6EWB1E
Others info about SQL injection are available in:
https://owasp.org/www-community/attacks/SQL_Injection
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
|---|
| स्रोत | ⚠️ https://www.onlineittuts.com/php-event-calendar.html |
|---|
| उपयोगकर्ता | Anonymous User |
|---|
| सबमिशन | 03/02/2023 07:33 PM (3 साल पहले) |
|---|
| संयम | 03/02/2023 09:39 PM (2 hours later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 220175 [Calendar Event Management System 2.3.0 Login Page name/pwd SQL इंजेक्शन] |
|---|
| अंक | 17 |
|---|