| Titolo | SQL Injection in Employee Payslip Generator System 1.2.0 |
|---|
| Descrizione | An attacker authenticated as an administrator can inject SQL commands when creating new users, starting from version 1.2.0 of the Employee Payslip software, which can lead to password leaks and improper access to other existing accounts in the system.
PoC blog: https://blog.0xgabe.com/?p=90
References:
https://portswigger.net/web-security/sql-injection
https://owasp.org/www-community/attacks/SQL_Injection |
|---|
| Fonte | ⚠️ https://www.sourcecodester.com/php/16264/updated-employee-payslip-generator-sending-mail-using-php-and-gmail-smtp.html |
|---|
| Utente | Anonymous User |
|---|
| Sottomissione | 11/03/2023 19:40 (3 anni fa) |
|---|
| Moderazione | 12/03/2023 08:16 (13 hours later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 222863 [SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 New User Creation classes/Users.php?f=save Nome utente iniezione SQL] |
|---|
| Punti | 20 |
|---|