| タイトル | Complaint Management System V1.0 SQL Injection |
|---|
| 説明 | A severe SQL Injection vulnerability has been identified in the /admin/state.php file of the Phpgurukul Complaint Management System v1.0. This flaw allows attackers to inject malicious SQL code through the state parameter without requiring any form of authentication, potentially leading to unauthorized data access, data manipulation, and complete system compromise.The vulnerability arises because the application directly embeds user-supplied input from the state parameter into SQL queries without implementing adequate sanitization or validation mechanisms. This oversight permits attackers to manipulate the SQL query structure by injecting malicious code, thereby executing unintended database operations. |
|---|
| ソース | ⚠️ https://github.com/AngrySheep2003/cve/blob/main/Complaint_Management_System_SQL_Injection.md |
|---|
| ユーザー | angrysheep (UID 79486) |
|---|
| 送信 | 2024年12月26日 11:21 (1 年 ago) |
|---|
| モデレーション | 2024年12月26日 18:12 (7 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 289353 [PHPGurukul Complaint Management System 1.0 /admin/state.php state SQLインジェクション] |
|---|
| ポイント | 20 |
|---|