| 제목 | Open source HMS-PHP has two SQL injection vulnerabilities |
|---|
| 설명 | The front end post requests to transfer the uname and pass to the back end and assign values to $username and $password respectively.
Without filtering, directly bring $username and $password into the database for verification with the username and password in the database.
However, the variable is controllable, and the account and password entered in the input box are brought into the database to execute SQL statements, resulting in SQL injection vulnerabilities. |
|---|
| 원천 | ⚠️ https://github.com/Pingkon/HMS-PHP/issues/1 |
|---|
| 사용자 | ace. (UID 34853) |
|---|
| 제출 | 2022. 11. 09. AM 07:51 (4 연령 ago) |
|---|
| 모더레이션 | 2022. 11. 13. AM 09:26 (4 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 213551 [Pingkon HMS-PHP admin/adminlogin.php uname/pass SQL 주입] |
|---|
| 포인트들 | 20 |
|---|