Submission #289940: sourcecodester Computer Inventory System 1.0 SQL Injection

Info

Title: sourcecodester Computer Inventory System 1.0 SQL Injection
Description: The Computer Inventory System by SOURCECODESTER has a critical SQL Injection vulnerability in its /endpoint/delete-computer.php component. This flaw allows attackers to manipulate SQL queries by injecting malicious SQL code through the computer parameter in the URL. The vulnerable code snippet does not properly sanitize user input, directly incorporating user-supplied data into the SQL query. This oversight enables an attacker to execute arbitrary SQL commands against the database, potentially leading to unauthorized data deletion, data leakage, or complete database compromise. The provided HTTP request example demonstrates how an attacker could exploit this vulnerability by appending a conditional SQL statement (1' or '1'='1) to the computer parameter, effectively altering the query's logic to execute unintended actions. This security issue underscores the necessity of employing prepared statements or proper input validation mechanisms to protect against SQL Injection attacks, thereby safeguarding the integrity and confidentiality of the database.
Source: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/SQL%20Injection%20delete-computer.php%20.md
User: nochizplz (UID 64302)
Submitted: 2024-02-28 02:19 PM (2 years ago)
Moderated: 2024-03-01 08:16 AM (2 days later)
Status: Accepted
VulDB Entry: 255382 [SourceCodester Computer Inventory System 1.0 delete-computer.php computer SQL Injection]
Points: 20
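As an added illustration (not code from this page, the submitter, or the SourceCodester project), the following Python script mirrors the pattern the description above attributes to delete-computer.php, concatenating the `computer` request parameter straight into a DELETE statement, and places it beside the prepared-statement fix the description recommends. The page does not reproduce the application's schema or code, so the table name `computers`, its columns, the sample rows and the function names are constructed placeholders; an in-memory SQLite database stands in for the real backend so the script runs offline.

```python
import sqlite3

# Constructed sample schema and rows (placeholders, not the application's own).
SAMPLE_ROWS = [(1, "ws-01"), (2, "ws-02"), (3, "ws-03")]


def make_db():
    """Create a fresh in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE computers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO computers (id, name) VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def delete_computer_vulnerable(conn, computer):
    """Vulnerable pattern as described in the submission: the request parameter
    is interpolated into the SQL text, so quote characters in it become SQL."""
    sql = f"DELETE FROM computers WHERE id = '{computer}'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount  # number of rows actually deleted


def delete_computer_fixed(conn, computer):
    """Hardened version: a prepared statement binds the parameter as a value,
    so the database never parses its contents as SQL syntax."""
    cur = conn.execute("DELETE FROM computers WHERE id = ?", (computer,))
    conn.commit()
    return cur.rowcount


def remaining(conn):
    """Rows left in the table after a delete attempt."""
    return conn.execute("SELECT COUNT(*) FROM computers").fetchone()[0]


def compare(payload):
    """Run the same input through both implementations on separate fresh
    databases and report how many rows each one deleted and left behind."""
    results = {}
    conn = make_db()
    results["vulnerable_deleted"] = delete_computer_vulnerable(conn, payload)
    results["vulnerable_remaining"] = remaining(conn)
    conn = make_db()
    results["fixed_deleted"] = delete_computer_fixed(conn, payload)
    results["fixed_remaining"] = remaining(conn)
    return results


if __name__ == "__main__":
    # The conditional from the submission's HTTP request example.
    print(compare("1' or '1'='1"))
    # A legitimate identifier behaves identically in both versions.
    print(compare("2"))
```

With the submission's payload, the concatenated statement becomes `DELETE FROM computers WHERE id = '1' or '1'='1'`, whose trailing condition is always true, so every row is removed; the bound version compares the column against the literal string and removes nothing. A plain identifier such as `2` deletes exactly one row in both, which is the point of the fix: behaviour for valid input is unchanged, only the ability to alter the query's logic is gone.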
