| Title | cxbsoft Post-Office ≤v1.0 SQL Injection |
|---|---|
| Description | The Post-Office application, specifically version v1.0 or below, has been identified to contain a SQL Injection vulnerability within its /apps/login_auth.php file. The flaw arises due to the unfiltered inclusion of the 'username_login' parameter in the SQL query, which can be exploited by attackers. By crafting malicious SQL commands, such as using the 'sleep' function in an injected payload, attackers can manipulate the backend database, potentially leading to unauthorized access or data compromise. This security issue has been disclosed by the author glzjin, and users of the affected software hosted on GitHub and discussed on various forums are advised to seek patches or updates to mitigate the risk. |
| Source | ⚠️ https://note.zhaoj.in/share/neURUa2NSxzd |
| User | glzjin (UID 59815) |
| Submission | 2024-01-05 05:40 (2 years ago) |
| Moderation | 2024-01-14 17:38 (9 days later) |
| Status | Accepted |
| VulDB entry | 250699 [CXBSoft Post-Office up to 1.0 HTTP POST Request /apps/login_auth.php username_login SQL injection] |
| Points | 20 |