| Title | Code-projects Chat System 1.0 Improper Access Controls |
|---|---|
| Description | Chat System allows attackers to perform unauthorized actions through this interface. Due to the lack of session authentication and other security measures, attackers can execute SQL injection and arbitrary room deletion. (Parameter key-value: `id=4' or sleep(5)#&del=1`) (SQL injection) (Parameter key-value: `id={value}&del=1`) (`value` represents the `id`, allowing unauthorized enumeration and deletion) |
| Source | https://github.com/Sinon2003/cve/blob/main/chatsystem/unauthorized.md |
| User | Rorochan (UID 79656) |
| Submission | 2025-01-01 12:00 PM (1 year ago) |
| Moderation | 2025-01-02 09:32 AM (22 hours later) |
| Status | Duplicate |
| VulDB Entry | 289939 [code-projects Chat System 1.0 /admin/deleteroom.php id SQL injection] |
| Points | 0 |