| 제목 | SourceCodester Stock Management System (SMS-PHP by oretnom23) 1.0 SQL Injection |
|---|
| 설명 | 1. Vulnerability Overview
Vulnerable Endpoint: /sms/classes/Login.php?f=login
Vulnerable Parameter: username
Issue Type: SQL Injection - Authentication Bypass
Severity: High (Critical) – Unauthorized access can be gained to the system, leading to potential unauthorized actions.
Software URL: https://www.sourcecodester.com/php/15023/stock-management-system-phpoop-source-code.html
2. Vulnerability Description
The Stock Management System software contains a SQL Injection vulnerability on the login page that leads to an authentication bypass. This vulnerability is triggered by the improper sanitization of user inputs, specifically the username parameter. Attackers can exploit this flaw to bypass the authentication mechanism and gain access to the system with admin privileges. |
|---|
| 원천 | ⚠️ https://github.com/th3w0lf-1337/Vulnerabilities/blob/main/SMS-PHP/SQLi/Auth-Bypass/info.md |
|---|
| 사용자 | Th3W0lf (UID 84351) |
|---|
| 제출 | 2025. 04. 21. PM 08:03 (11 개월 ago) |
|---|
| 모더레이션 | 2025. 05. 05. PM 01:33 (14 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 307391 [SourceCodester/oretnom23 Stock Management System 1.0 Login.php?f=login 사용자 이름 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|