제출 #546223: phpgurukul.com Old Age Home Management System V1.0 SQL injection정보

제목phpgurukul.com Old Age Home Management System V1.0 SQL injection
설명# [Security] SQL injection in /admin/profile.php ## NAME OF AFFECTED PRODUCT(S) - Old Age Home Management System ## Vendor Homepage - https://phpgurukul.com/old-age-home-management-system-using-php-and-mysql/ ## AFFECTED VERSION(S) - V1.0 ## Software Link - https://phpgurukul.com/projects/Old-Age-Home-MS-using-PHP.zip ## PROBLEM TYPE - SQL injection ## Root Cause - A SQL injection vulnerability exists in `/admin/profile.php` due to improper input sanitization of the `adminname` parameter. ## Impact - Unauthorized database access, data leakage, data manipulation, etc. ## Vulnerability Details and POC - Parameter: `adminname` (POST) - Payload: ```bash adminname=1' AND (SELECT 4479 FROM (SELECT(SLEEP(5)))SYMc) AND 'gnpI'='gnpI&username=admin&contactnumber=1&[email protected]&submit=
원천⚠️ https://github.com/Gxxianzhong123/CVE1/issues/1
사용자
 wuguanfengyue (UID 52312)
제출2025. 03. 30. PM 07:21 (1 년도 ago)
모더레이션2025. 04. 03. PM 08:47 (4 days later)
상태수락
VulDB 항목303261 [PHPGurukul Old Age Home Management System 1.0 /admin/profile.php adminname/contactnumber SQL 주입]
포인트들20

이전개요다음

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!