| 제목 | boyiddha Automated-Mess-Management-System 1.0 SQL Injection |
|---|
| 설명 | The Automated-Mess-Management-System by boyiddha is susceptible to a SQL Injection flaw in its login functionality, enabling unauthorized access to the admin panel. By injecting crafted SQL queries through the 'useremail' parameter, attackers can bypass authentication, gaining elevated privileges without valid credentials. This issue poses a significant risk of unauthorized access to sensitive areas of the application. To mitigate the vulnerability, developers should implement stringent input validation, utilize parameterized queries, and enforce least privilege principles to limit access to sensitive functionalities. |
|---|
| 원천 | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20Login.md |
|---|
| 사용자 | nochizplz (UID 64302) |
|---|
| 제출 | 2024. 02. 26. PM 04:53 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 03. 07. PM 05:04 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 256049 [boyiddha Automated-Mess-Management-System 1.0 Login Page /index.php useremail SQL 주입] |
|---|
| 포인트들 | 20 |
|---|