提出 #801607: 1000 Projects portfolio-management-system v1.0 SQL Injection情報

タイトル1000 Projects portfolio-management-system v1.0 SQL Injection
説明A critical SQL injection vulnerability exists in 1000project `admin/block_status.php` and `admin/unblock_me.php`. The vulnerability allows an attacker to inject malicious SQL code through base64-encoded parameters, enabling unauthorized modification of user account status. **Key Characteristics:** - **Attack Vector**: Base64 encoded parameter injection - **Impact**: Unauthorized user account status modification - **Authentication**: Requires admin session (but can be bypassed) The vulnerability stems from directly concatenating base64-decoded user input into SQL statements without any parameterization or validation.
ソース⚠️ https://github.com/9str0IL/CVE/issues/3
ユーザー
 9str0il (UID 97218)
送信2026年04月10日 04:59 (2 月 ago)
モデレーション2026年04月26日 21:47 (17 days later)
ステータス承諾済み
VulDBエントリ359742 [1000 Projects Portfolio Management System MCA 迄 1.0 /admin/block_status.php q SQLインジェクション]
ポイント20

概要

Do you need the next level of professionalism?

Upgrade your account now!