| タイトル | SourceCodester Online Hospital Management System Using PHP/MySQL V1.0 SQL Injection |
|---|
| 説明 | The fourth line of the departmentDoctor.php file uses the PHP method to retrieve user input from the $_GET element. Then, the value of this element will be passed to the code without proper purification or validation, and ultimately used for database queries in the PHP method on line 5 of the departmentDoctor.php file. This may lead to SQL injection attacks
ZhaoBin Huang has discovered that due to insufficient protection of the "deptid" parameter in the "\departmentDoctor.php" file, "Best courier management system project in php" there is a serious security vulnerability in the This vulnerability may be used to inject malicious SQL queries, resulting in unauthorized access and extraction of sensitive information from the database.database. |
|---|
| ソース | ⚠️ https://github.com/CveSecLook/cve/issues/41 |
|---|
| ユーザー | ZhaoBin Huang (UID 69070) |
|---|
| 送信 | 2024年05月23日 14:10 (2 年 ago) |
|---|
| モデレーション | 2024年05月25日 08:08 (2 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 266274 [SourceCodester Online Hospital Management System 1.0 departmentDoctor.php deptid SQLインジェクション] |
|---|
| ポイント | 20 |
|---|