| 제목 | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 SQL Injection |
|---|
| 설명 | The Online College Event Hall Reservation System demonstrates a SQL Injection vulnerability within its `/admin/users.php` component, specifically through the `user_id` parameter. This flaw allows attackers to execute arbitrary SQL commands, such as delaying the server response using the `sleep(5)` function. This vulnerability underlines the importance of employing parameterized queries or proper input validation techniques to protect the application from SQL Injection attacks, thereby safeguarding the database from unauthorized access or manipulation. |
|---|
| 원천 | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20users.php.md |
|---|
| 사용자 | nochizplz (UID 64302) |
|---|
| 제출 | 2024. 03. 08. PM 12:18 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 03. 15. PM 05:29 (7 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 256971 [MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/users.php user_id SQL 주입] |
|---|
| 포인트들 | 20 |
|---|