| タイトル | CLTPHP Content Management System v3.0 SQL Injection |
|---|
| 説明 | A system were found to have Boolean-Based Blind SQL Injection vulnerabilities, which arise from insufficient validation and sanitization of user-controlled parameters. Boolean-Based Blind SQL Injection leverages differences in application responses (e.g., page behavior, implicit feedback) to infer the validity of injected SQL conditions—without relying on explicit error messages.Attackers can exploit these vulnerabilities to:Extract sensitive database information (e.g., database name, table/column structures, user credentials like hashed passwords).Manipulate or delete database data (e.g., alter user permissions, erase business records) if the database account has write privileges.Bypass authentication (e.g., forge valid login logic via injected conditions) to gain unauthorized system access.Disrupt service continuity (e.g., corrupt critical data tables) or execute further attacks (e.g., lateral movement in internal networks). |
|---|
| ソース | ⚠️ https://github.com/1276486/CVE/issues/17 |
|---|
| ユーザー | Zre0x1c (UID 89206) |
|---|
| 送信 | 2025年10月14日 16:59 (8 月 ago) |
|---|
| モデレーション | 2025年10月26日 06:21 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 329919 [CLTPHP 3.0 /home/search.html keyword SQLインジェクション] |
|---|
| ポイント | 20 |
|---|