| 제목 | pmTicket https://github.com/issue-tracking-system/Project-Management-Software 1 SQL Injection |
|---|
| 설명 | A vulnerability exists in PmTicket in the `getUserLanguage` function where the `user_id` parameter is vulnerable to an unauthenticated SQL injection. This flaw allows an unauthenticated remote attacker to inject arbitrary SQL commands via the user_id parameter, leading to unauthorized access and leaking of sensitive information. An attacker can craft a malicious request that manipulates the SQL query to extract the username and password hash of the admin user character by character. Despite being escaped, The vulnerability exists due to the lack of proper typecasting and insufficient input validation before being incorporated into the SQL query, allowing direct injection of SQL queries. |
|---|
| 원천 | ⚠️ https://asciinema.org/a/3wu3WGpnrnMc2GDvSyLUqqHUF |
|---|
| 사용자 | Allan Njuguna (UID 57480) |
|---|
| 제출 | 2025. 07. 11. PM 03:20 (12 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 19. AM 10:08 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 317001 [pmTicket Project-Management-Software 까지 2ef379da2075f4761a2c9029cf91d073474e7486 class.database.php getUserLanguage user_id SQL 주입] |
|---|
| 포인트들 | 20 |
|---|