| Titolo | boyiddha Automated-Mess-Management-System 1.0 SQL Injection |
|---|
| Descrizione | The vulnerability in the Automated-Mess-Management-System's /member/view.php endpoint enables SQL Injection attacks. By injecting crafted SQL payloads into the 'date' parameter, attackers can manipulate SQL queries executed by the application. This could lead to unauthorized access to sensitive information, data leakage, or even complete database compromise. Remediating this issue involves implementing proper input validation and using parameterized queries to prevent SQL Injection attacks. Additionally, access controls should be enforced to limit user privileges and mitigate the impact of such vulnerabilities. |
|---|
| Fonte | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20member-view.php%20.md |
|---|
| Utente | nochizplz (UID 64302) |
|---|
| Sottomissione | 26/02/2024 17:14 (2 anni fa) |
|---|
| Moderazione | 07/03/2024 17:04 (10 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 256050 [boyiddha Automated-Mess-Management-System 1.0 /member/view.php Data iniezione SQL] |
|---|
| Punti | 20 |
|---|