| Title | SourceCodester Stock Management System (SMS-PHP by oretnom23) 1.0 SQL Injection |
|---|---|
| Description | A SQL injection vulnerability was found in the Receiving page of the Stock Management System (`/sms/admin/?page=receiving/view_receiving&id=1`). This vulnerability allows an attacker to inject arbitrary SQL queries through the `id` parameter. Specifically, it is possible to extract sensitive data from the `users` table, including usernames and MD5-hashed passwords, by exploiting the vulnerability with a UNION-based SQL injection payload. |
| Source | https://github.com/th3w0lf-1337/Vulnerabilities/blob/main/SMS-PHP/SQLi/Receiving/info.md |
| User | Th3W0lf (UID 84351) |
| Submission | 2025-05-06 02:41 PM (1 year ago) |
| Moderation | 2025-05-15 04:11 PM (9 days later) |
| Status | Accepted |
| VulDB entry | 309082 [SourceCodester/oretnom23 Stock Management System 1.0 view_receiving&id=1 id SQL injection] |
| Points | 20 |