जमा करें #846330: code-projects Online Voting System in PHP 1.0 SQL Injectionजानकारी

शीर्षकcode-projects Online Voting System in PHP 1.0 SQL Injection
विवरणA SQL Injection vulnerability exists in the vote submission functionality of Online Voting System in PHP version 1.0. The endpoint saveVote.php is publicly accessible without authentication and processes voter data through a test_input() function that applies htmlspecialchars() without the ENT_QUOTES flag, leaving single quotes unescaped. All four POST parameters are directly concatenated into an INSERT query: $name= test_input($_POST["voterName"]); $email= test_input($_POST["voterEmail"]); $voterID= test_input($_POST["voterID"]); $selection= test_input($_POST["selectedCandidate"]); $sql= "INSERT INTO db_evoting.tbl_users VALUES(null,'".$name."','".$email."','".$voterID."','".$selection."');"; An unauthenticated attacker can manipulate the SQL logic to insert arbitrary records into the voter table, inject malicious data, or cause database errors by breaking the query structure.
स्रोत⚠️ https://gist.github.com/c4ttr4ck/a29b2238099fa07b4f072c21123b55ef
उपयोगकर्ता
 c4ttr4ck (UID 75518)
सबमिशन02/06/2026 08:18 PM (1 महीना पहले)
संयम03/07/2026 08:31 PM (1 month later)
स्थितिस्वीकृत
VulDB प्रविष्टि376162 [code-projects Online Voting System 1.0 /saveVote.php test_input voterName/voterEmail/voterID/selectedCandidate SQL इंजेक्शन]
अंक20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!