Submit #582874: chaitak-gorai blogbook latest version as of 2025/05/22 SQL Injection

Title: chaitak-gorai blogbook latest version as of 2025/05/22 SQL Injection
Description: A SQL injection vulnerability exists in the [post.php] file of the BlogBook application. User-supplied input from the p_id GET parameter is directly concatenated into SQL query strings without adequate sanitization. This affects both an UPDATE query designed to increment post view counts and a SELECT query used to fetch post data for display. Consequently, an unauthenticated remote attacker can inject and execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or further compromise of the database.
Source: https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20post.php%20p_id%20Parameter%20SQL%20Injection.md
User: bpy9ft (UID 85221)
Submission: 22/05/2025 06:08 (1 year ago)
Moderation: 31/05/2025 18:13 (10 days later)
Status: Accepted
VulDB entry: 310741 [chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 GET Parameter /post.php p_id SQL injection]
Points: 20
