| タイトル | Codezips Blood Bank Management System In PHP With Source Code V1.0 SQL Injection |
|---|
| 説明 | Root Cause
Description:
The /campaign.php script directly incorporates user input from the cname parameter into SQL queries without proper sanitization or validation. This oversight allows attackers to inject malicious SQL code, enabling unauthorized database manipulations.
???? Impact
Unauthorized Database Access: Potential to read sensitive data.
Data Leakage: Exposure of confidential information.
Data Tampering: Ability to modify or delete records.
System Control: Possibility of full system compromise.
Service Interruption: Disruption of normal operations.
|
|---|
| ソース | ⚠️ https://github.com/isRainy/VULDB/blob/main/Blood_Bank_Management_System.md |
|---|
| ユーザー | 1905589289 (UID 79521) |
|---|
| 送信 | 2024年12月28日 11:54 (1 年 ago) |
|---|
| モデレーション | 2024年12月28日 20:18 (8 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 289715 [Codezips Blood Bank Management System 1.0 /campaign.php cname SQLインジェクション] |
|---|
| ポイント | 20 |
|---|