| 제목 | keerti1924 Online-Book-Store-Website 1.0 SQL Injection |
|---|
| 설명 | The 'search.php' script in keerti1924's Online-Book-Store-Website is vulnerable to SQL Injection, allowing attackers to execute arbitrary SQL commands and gain unauthorized access to the underlying database. This could lead to unauthorized data disclosure, data manipulation, and potential data loss, compromising the confidentiality, integrity, and availability of the system and its data. By injecting a crafted payload into the 'search' parameter, an attacker can exploit this vulnerability to retrieve sensitive information from the database, such as version details. To mitigate this issue, developers should implement robust input validation and parameterized queries to sanitize user input and prevent SQL Injection attacks. Regular security assessments and code reviews are also recommended to detect and remediate such vulnerabilities in the application's codebase. |
|---|
| 원천 | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/SQL%20Injection%20Search/SQL%20Injection%20in%20search.php%20.md |
|---|
| 사용자 | nochizplz (UID 64302) |
|---|
| 제출 | 2024. 02. 25. PM 05:15 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 03. 07. PM 03:35 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 256039 [keerti1924 Online-Book-Store-Website 1.0 /search.php 검색 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|