| 제목 | SourceCodester Employee Management System 1.0 SQL Injection |
|---|
| 설명 | A critical SQL injection vulnerability in the SourceCodester Employee Management System's cancel.php script allows attackers to manipulate SQL queries through the id parameter, potentially canceling all leave applications irrespective of their legitimacy. By crafting a malicious payload, such as "1 or 1=1", attackers can exploit this flaw, leading to chaos within the system and disrupting normal operations. Remediation involves implementing robust input validation, parameterized queries, and access controls to prevent unauthorized access and manipulation of sensitive data. |
|---|
| 원천 | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Leave%20Cancel%20SQL%20Injection.md |
|---|
| 사용자 | nochizplz (UID 64302) |
|---|
| 제출 | 2024. 02. 24. AM 11:57 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 02. 25. PM 07:30 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 254725 [SourceCodester Employee Management System 1.0 /cancel.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|