提出 #855188: codeastro Simple Online Leave Management System V1.0 SQL Injection情報

タイトルcodeastro Simple Online Leave Management System V1.0 SQL Injection
説明During a security review of Simple Online Leave Management System V1.0, a critical SQL injection vulnerability was discovered in the /SimpleOnlineLeave/admin/deletemp.php file. The vulnerability occurs because the id GET parameter is not properly validated or sanitized before being used in SQL queries. An attacker can craft a malicious request to inject SQL payloads, potentially resulting in unauthorized database access, data leakage, data modification, or data deletion. Immediate remediation is recommended to protect the system and ensure database integrity.
ソース⚠️ https://github.com/sl1der-fr0g/Findings/issues/2
ユーザー
 cshwswwsshd99 (UID 98516)
送信2026年06月10日 17:18 (1 月 ago)
モデレーション2026年07月13日 07:05 (1 month later)
ステータス承諾済み
VulDBエントリ377907 [CodeAstro Simple Online Leave Management System 1.0 deletemp.php 識別子 SQLインジェクション]
ポイント20

Do you want to use VulDB in your project?

Use the official API to access entries easily!