| Title | itsourcecode News Portal Project v1.0 SQL Injection |
|---|---|
| Description | During the security review of the News Portal Project, a critical SQL injection vulnerability was identified in the **`/admin/index.php`** file. The application directly incorporates user-supplied input into an SQL query without proper validation or the use of prepared statements. As a result, attackers can inject malicious SQL queries through the **username/email parameter** used in the administrator login function. Successful exploitation of this vulnerability may allow attackers to bypass authentication and gain unauthorized access to sensitive administrative information. Immediate remediation is required to mitigate the risk and ensure the security and integrity of the system and its data. |
| Source | https://github.com/wan1yan/cve/issues/2 |
| User | wanyan (UID 95221) |
| Submission | 2026-02-06 12:50 (3 months ago) |
| Moderation | 2026-02-08 17:07 (2 days later) |
| Status | Accepted |
| VulDB entry | 344942 [itsourcecode News Portal Project 1.0 Administrator Login /admin/index.php email SQL Injection] |
| Points | 20 |