| 제목 | cxbsoft Post-Office ≤v1.0 SQL Injection |
|---|
| 설명 | The Post-Office application, specifically version v1.0 or below, has been identified to contain a SQL Injection vulnerability within its /apps/login_auth.php file. The flaw arises due to the unfiltered inclusion of the 'username_login' parameter in the SQL query, which can be exploited by attackers. By crafting malicious SQL commands, such as using the 'sleep' function in an injected payload, attackers can manipulate the backend database, potentially leading to unauthorized access or data compromise. This security issue has been disclosed by the author glzjin, and users of the affected software hosted on GitHub and discussed on various forums are advised to seek patches or updates to mitigate the risk. |
|---|
| 원천 | ⚠️ https://note.zhaoj.in/share/neURUa2NSxzd |
|---|
| 사용자 | glzjin (UID 59815) |
|---|
| 제출 | 2024. 01. 05. AM 05:40 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 01. 14. PM 05:38 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 250699 [CXBSoft Post-Office 까지 1.0 HTTP POST Request /apps/login_auth.php username_login SQL 주입] |
|---|
| 포인트들 | 20 |
|---|