जमा करें #850623: Codeastro Ecommerce Website V1.0 SQL Injectionजानकारी

शीर्षकCodeastro Ecommerce Website V1.0 SQL Injection
विवरणCodeastro Ecommerce Website V1.0 has SQL Injection in /ecommerce-website-php/customer/confirm.php The invoice_no multipart POST parameter in the payment confirmation form is directly concatenated into SQL queries without any sanitization or parameterized binding. The application fails to validate or escape user input before passing it to the database, allowing attackers to forge malicious input that manipulates SQL query logic.
स्रोत⚠️ https://gist.github.com/menelausx/2222914494e28e7d70f9a35af8fae824
उपयोगकर्ता
 JasperX (UID 97281)
सबमिशन06/06/2026 04:19 PM (29 दिन पहले)
संयम05/07/2026 05:57 AM (29 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि376357 [CodeAstro Ecommerce Website 1.0 POST Parameter confirm.php invoice_no SQL इंजेक्शन]
अंक20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!