| 제목 | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 SQL Injection |
|---|
| 설명 | The Online College Event Hall Reservation System demonstrates a significant SQL Injection vulnerability within its `/admin/update-rooms.php` script. This vulnerability arises from the application's handling of the `room_id` parameter, where user input is directly incorporated into an SQL query without proper sanitization or preparation. As shown in the provided proof of concept, attackers can exploit this flaw to execute arbitrary SQL commands, such as delaying the server response with a `sleep(5)` function. This issue highlights the critical need for using parameterized queries or other secure coding practices to protect the database from SQL Injection attacks, ensuring the integrity and security of the application's data. |
|---|
| 원천 | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20update-rooms.php.md |
|---|
| 사용자 | nochizplz (UID 64302) |
|---|
| 제출 | 2024. 03. 08. AM 05:37 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 03. 15. PM 05:29 (7 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 256965 [MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/update-rooms.php room_id SQL 주입] |
|---|
| 포인트들 | 20 |
|---|