| Title | SourceCodester Simple Student Attendance System using PHP and MySQL 1.0 Cross Site Scripting |
|---|---|
| Description | The vulnerability exists in the student_form.php file at line 6, where the id parameter is accepted without proper sanitization and validation. This id parameter is subsequently passed to the get_student() function located in actions.class.php at line 127. Due to insufficient input validation, this allows for SQL Injection attacks that indeed lead to XSS in the student_form.php file at line 22. |
| Source | ⚠️ https://docs.google.com/document/d/1tl9-EAxUR64Og9zS-nyUx3YtG1V32Monkvq-h39tjpw/edit?usp=sharing |
| User | R0ck3t (UID 70759) |
| Submission | 2024-06-18 08:16 PM (2 years ago) |
| Moderation | 2024-06-20 07:26 PM (2 days later) |
| Status | Accepted |
| VulDB Entry | 269276 [SourceCodester Simple Student Attendance System 1.0 student_form.php get_student id cross site scripting] |
| Points | 20 |