| 제목 | Event Management System V1.0 sql |
|---|
| 설명 | A critical SQL injection vulnerability has been identified in the Event Management System In PHP With Source Code (v1.0). Attackers can exploit the title parameter within /contact.php to inject malicious SQL code, potentially gaining full access to the underlying database. Immediate remediation is strongly advised.
Insufficient user input validation of the title parameter allows direct injection of malicious payloads into SQL queries.
Potential Consequences
Unauthorized Database Access: Attackers may read or modify protected information.
Data Leakage: Sensitive records (e.g., customer info) can be exposed.
Data Tampering: Malicious actors can create, update, or delete records.
Operational Disruption: System downtime or service interruption. |
|---|
| 원천 | ⚠️ https://github.com/T3rm1n4L-LYC/Vuldb/blob/main/SQL_Injection_in_Event_Management_System.md |
|---|
| 사용자 | T3rm1n4L (UID 79535) |
|---|
| 제출 | 2024. 12. 27. PM 05:53 (1 년도 ago) |
|---|
| 모더레이션 | 2024. 12. 28. AM 10:02 (16 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 289668 [Codezips Event Management System 1.0 /contact.php 제목 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|