| Titolo | sfturing hosporder v1.0 SQL Injection |
|---|
| Descrizione | There is an sql injection vulnerability in the front desk, and attackers can execute sql statements without authorization. SQL injection vulnerabilities should be classified as extremely dangerous vulnerabilities. Attackers can perform operations such as querying and tampering with the database through SQL injection vulnerabilities, and even clear the entire database. On the system side, attackers can also execute system commands by combining SQL injection vulnerabilities with database extensions, and carry out dangerous operations such as implanting system backdoors through backup functions. |
|---|
| Fonte | ⚠️ https://github.com/sfturing/hosp_order/issues/109 |
|---|
| Utente | bi8bu (UID 84151) |
|---|
| Sottomissione | 19/06/2025 10:48 (12 mesi fa) |
|---|
| Moderazione | 27/06/2025 08:02 (8 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 314081 [sfturing hosp_order fino a 627f426331da8086ce8fff2017d65b1ddef384f8 DoctorServiceImpl.java findDoctorByCondition hospitalName iniezione SQL] |
|---|
| Punti | 20 |
|---|