| タイトル | SourceCodester/oretnom23 Stock Management System (SMS-PHP by oretnom23) 1.0 SQL Injection |
|---|
| 説明 | A SQL injection vulnerability was found in the Return List page of the Stock Management System `(/sms/admin/?page=return/view_return&id=1)`. This vulnerability allows an attacker to inject arbitrary SQL queries through the `id` parameter. Specifically, it is possible to extract sensitive data from the `users` table, including usernames and MD5 hashed passwords, by exploiting the vulnerability with a UNION-based SQL injection payload. |
|---|
| ソース | ⚠️ https://github.com/th3w0lf-1337/Vulnerabilities/blob/main/SMS-PHP/SQLi/Return-List/info.md |
|---|
| ユーザー | Th3W0lf (UID 84351) |
|---|
| 送信 | 2025年05月06日 18:11 (12 月 ago) |
|---|
| モデレーション | 2025年05月15日 18:01 (9 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 309095 [SourceCodester/oretnom23 Stock Management System 1.0 view_return 識別子 SQLインジェクション] |
|---|
| ポイント | 20 |
|---|