| Field | Value |
|---|---|
| Title | SourceCodester Stock Management System in PHP V1.0 SQL Injection |
| Description | During the security review of the "Stock Management System," xuanluansec discovered a critical SQL injection vulnerability in the index.php file. This vulnerability stems from inadequate validation of user inputs for the username and password parameters, allowing attackers to inject malicious SQL queries. As a result, attackers can gain unauthorized access to the database, modify or delete data, and access sensitive information. Immediate remediation is required to secure the system and protect data integrity. A SQL injection vulnerability was found in the index.php file of the Stock Management System project. This issue arises because user inputs $username and $password from $_POST['username'] and $_POST['password'] are directly used in SQL queries without proper sanitization or validation. This allows attackers to craft input values that can manipulate the SQL query and execute unauthorized operations. |
| Source | ⚠️ https://github.com/CveSecLook/cve/issues/43 |
| User | xuanluansec (UID 68581) |
| Submission | 2024-06-08 06:25 AM (2 years ago) |
| Moderation | 2024-06-08 09:48 AM (3 hours later) |
| Status | Accepted |
| VulDB Entry | 267457 [SourceCodester Stock Management System 1.0 Login index.php username/password SQL Injection] |
| Points | 20 |
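
The remediation the description calls for, as an added example (not code from the project or from the report): a login check that binds the username as a query parameter and verifies the password outside the SQL statement. The in-memory SQLite database, the `users` table and its columns, the `login()` helper and the sample account are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: an in-memory SQLite database stands in for the application's
// database. Table name, column names and the sample account are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    user_id  INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL
)');
$seed = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$seed->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Pattern the report describes (shown only for contrast, do not use):
//   $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
// Both POST values become part of the SQL text, so they can change its structure.

/** Hardened login check: returns the user id on success, null otherwise. */
function login(PDO $pdo, $username, $password): ?int
{
    // Reject non-strings (e.g. username[]=...) and oversized input before
    // touching the database. The length limits are assumed values.
    if (!is_string($username) || !is_string($password)
        || $username === '' || strlen($username) > 64 || strlen($password) > 256) {
        return null;
    }

    // The placeholder keeps the value out of the SQL text; quote characters
    // in the username are treated as data, not as syntax.
    $stmt = $pdo->prepare('SELECT user_id, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is compared in PHP against a stored hash, never in the query.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['user_id'];
}

// Constructed inputs: valid login, wrong password, username containing a quote,
// and an array where a string is expected.
var_dump(login($pdo, 'admin', 'constructed-sample-pw'));
var_dump(login($pdo, 'admin', 'wrong-password'));
var_dump(login($pdo, "o'neil", 'anything'));
var_dump(login($pdo, ['admin'], 'anything'));
```

Only the first call returns a user id; the other three return `null` without raising a SQL error, which is the behaviour to check for when retesting the login form after the fix.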