| Title | Complaint Management System V1.0 SQL Injection |
|---|---|
| Description | A severe SQL Injection vulnerability has been identified in the /admin/state.php file of the Phpgurukul Complaint Management System v1.0. This flaw allows attackers to inject malicious SQL code through the state parameter without requiring any form of authentication, potentially leading to unauthorized data access, data manipulation, and complete system compromise. The vulnerability arises because the application directly embeds user-supplied input from the state parameter into SQL queries without implementing adequate sanitization or validation mechanisms. This oversight permits attackers to manipulate the SQL query structure by injecting malicious code, thereby executing unintended database operations. |
| Source | https://github.com/AngrySheep2003/cve/blob/main/Complaint_Management_System_SQL_Injection.md |
| User | angrysheep (UID 79486) |
| Submission | 2024-12-26 11:21 AM (1 year ago) |
| Moderation | 2024-12-26 06:12 PM (7 hours later) |
| Status | Accepted |
| VulDB Entry | 289353 [PHPGurukul Complaint Management System 1.0 /admin/state.php state SQL Injection] |
| Points | 20 |