提出 #846744: code-projects Online Job Portal 1.0 SQL Injection情報

タイトルcode-projects Online Job Portal 1.0 SQL Injection
説明An unauthenticated SQL injection vulnerability exists in login.php of the Online Job Portal System 1.0. The application fails to properly sanitize user-supplied input for the txtUser and txtPass parameters before concatenating them into SQL queries. An unauthenticated remote attacker can exploit this flaw by injecting specially crafted SQL payloads, leading to authentication bypass, unauthorized access to the administrative panel, and full database disclosure, including administrator credentials and sensitive PII from job seekers and employers.
ソース⚠️ https://github.com/aiyuyuyu/cve/blob/main/job_portal_sql.md
ユーザー
 yuyuyu (UID 97935)
送信2026年06月03日 08:38 (1 月 ago)
モデレーション2026年07月03日 20:53 (1 month later)
ステータス承諾済み
VulDBエントリ376174 [code-projects Online Job Portal 1.0 login.php txtUser/txtPass SQLインジェクション]
ポイント20

Do you want to use VulDB in your project?

Use the official API to access entries easily!