| 제목 | chaitak-gorai blogbook latest version as of 2025/05/22 SQL Injection |
|---|
| 설명 | The BlogBook application is vulnerable to SQL injection via the `u_id` parameter in the `user.php` script. An unauthenticated attacker can exploit this vulnerability by providing a specially crafted `u_id` value in the URL. This allows the attacker to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized data access, modification, or deletion, and in some configurations, remote code execution. |
|---|
| 원천 | ⚠️ https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20user.php%20u_id%20Parameter%20SQL%20Injection.md |
|---|
| 사용자 | bpy9ft (UID 85221) |
|---|
| 제출 | 2025. 05. 22. AM 05:33 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 05. 31. PM 06:13 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 310740 [chaitak-gorai Blogbook 까지 92f5cf90f8a7e6566b576fe0952e14e1c6736513 GET Parameter /user.php u_id SQL 주입] |
|---|
| 포인트들 | 20 |
|---|