Submission #671506: code-projects Project Monitoring System V1 SQL Injection (Information)

Title: code-projects Project Monitoring System V1 SQL Injection
Description: A high-severity SQL injection vulnerability was discovered in the /useredit.php component of the "Project Monitoring System". The root cause is the improper neutralization of special elements used in an SQL command, specifically within the uid parameter. This vulnerability is easily exploitable by a remote attacker without requiring prior authentication. A successful attack would grant the malicious actor direct, unfettered access to the backend database. This could result in the complete exfiltration of sensitive information, such as user login credentials, personally identifiable information (PII), and proprietary project data. Beyond data theft, the attacker could manipulate or destroy critical data, disrupting business operations and compromising the integrity of all information managed by the system. Given the low complexity of the attack and the high impact on confidentiality and integrity, this vulnerability requires immediate remediation.
Source: ⚠️ https://github.com/tiancesec/CVE/issues/8
User: Hacking in SHU (UID 91413)
Submitted: 2025-10-08 17:24 (7 months ago)
Moderation: 2025-10-10 13:49 (2 days later)
Status: Accepted
VulDB Entry: 327907 [code-projects Project Monitoring System 1.0 /useredit.php uid SQL injection]
Points: 20
