| 제목 | sourcecodester Petrol pump management software 1.0 SQL Injection |
|---|
| 설명 |
The Petrol Pump Management Software from SOURCECODESTER is vulnerable to an Unauthenticated SQL Injection via its /admin/edit_categories.php page. This flaw stems from improper sanitization of the id parameter in an SQL query. Attackers can exploit this by injecting a malicious UNION SELECT statement through the id parameter in a POST request, as demonstrated, to execute arbitrary SQL commands. This vulnerability exposes the system to potential unauthorized data access, manipulation, or even database compromise, underscoring the critical need for rigorous input validation and the use of prepared statements to ensure data integrity and security. |
|---|
| 원천 | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_categories.php%20SQL%20Injection.md |
|---|
| 사용자 | nochizplz (UID 64302) |
|---|
| 제출 | 2024. 02. 29. AM 06:55 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 03. 01. AM 07:54 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 255377 [SourceCodester Petrol Pump Management Software 1.0 edit_categories.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|