Submission #850623: Codeastro Ecommerce Website V1.0 SQL Injection Info

Title: Codeastro Ecommerce Website V1.0 SQL Injection
Description: Codeastro Ecommerce Website V1.0 has SQL Injection in /ecommerce-website-php/customer/confirm.php. The invoice_no multipart POST parameter in the payment confirmation form is concatenated directly into SQL queries without any sanitization or parameterized binding. Because the application neither validates nor escapes this user input before passing it to the database, an attacker can supply crafted values that alter the logic of the SQL query.
Source: https://gist.github.com/menelausx/2222914494e28e7d70f9a35af8fae824
User: JasperX (UID 97281)
Submitted: 2026-06-06 16:19 (29 days ago)
Moderation: 2026-07-05 05:57 (29 days later)
Status: Accepted
VulDB Entry: 376357 [CodeAstro Ecommerce Website 1.0 POST Parameter confirm.php invoice_no SQL Injection]
Points: 20