| Title | SQL injection vulnerability in Sports Club Management System |
|---|---|
| Description | Enter admin1/admin1 to enter the background, click payment, and then add payment. Enter MEMBERSHIP ID; MEMBERSHIP ID is the SQL injection parameter. In admin/make_payments.php, at line 119, the information entered by the user is submitted to submit_payments.php. Following the code, we can see that the m_id entered by the user is assigned to $memID. Without any filtering, it is directly inserted into the database query, and the query results are returned, causing a SQL injection vulnerability. The SQL injection vulnerability arises because the data submitted by the user is brought directly into the database without filtering and executed as part of SQL statements. The SQL injection vulnerability can be used to obtain sensitive database information. |
| Source | https://github.com/shreyansh225/Sports-Club-Management-System/issues/6 |
| User | ace. (UID 34853) |
| Submit | 2022-11-16 08:18 AM (4 years ago) |
| Moderation | 2022-11-16 08:55 AM (37 minutes later) |
| Status | Accepted |
| VulDB Entry | 213789 [Sports Club Management System 119 admin/make_payments.php m_id/plan SQL injection] |
| Points | 20 |