| Field | Value |
|---|---|
| Title | Campcodes Courier Management System V1.0 SQL Injection |
| Description | SQL injection in `/view_parcel.php` (full text below) |
| Source | https://github.com/XiaoJiesecqwq/CVE/issues/15 |
| User | Anonymous User |
| Submitted | 2025-07-26 03:33 PM (8 months ago) |
| Moderation | 2025-07-26 05:50 PM (2 hours later) |
| Status | Accepted |
| VulDB Entry | 317842 [Campcodes Courier Management System 1.0 /view_parcel.php id SQL injection] |
| Points | 20 |

**Vulnerability Type**

SQL injection

**Root Cause**

A SQL injection vulnerability was found in `/view_parcel.php` of the Courier Management System. The affected query can be attacked directly with blind injection: an attacker observes the application's response, or other visible behaviour, to determine whether an injected condition succeeded, and from there probes and extracts data from the database.

**Impact**

An attacker exploiting this SQL injection vulnerability can gain unauthorized database access, leak sensitive data, tamper with data, take control of the system, and even cause service interruption, posing a serious threat to system security and business continuity.

**Description**

A SQL injection vulnerability was discovered in `/view_parcel.php` of the Courier Management System. The affected query can be attacked directly with blind injection: the attacker injects conditional statements and relies on the application's Boolean, condition-based behaviour to learn the contents of the database, trying different conditions and verifying each one from the application's response. When building the SQL query, the program uses the user-supplied ID directly, without any validation or filtering, so arbitrary SQL queries can be executed by supplying a malicious `id`.
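The root cause above is an `id` value concatenated straight into a query. The following is an added example (not the project's own code) showing that pattern next to a hardened version using integer validation and a mysqli prepared statement; the table and column names (`parcels`, `id`, `tracking_no`, `status`), the `$conn` connection and the `id` request parameter are assumptions.

```php
<?php
// Added example, not taken from Campcodes Courier Management System.
// Assumed schema: table parcels(id, tracking_no, status); $conn is a mysqli
// connection created elsewhere with the mysqlnd driver (needed for get_result).

// Vulnerable pattern as described in the advisory: the raw id is concatenated
// into the SQL text, so the input can change the logic of the query itself.
function view_parcel_vulnerable(mysqli $conn, string $id): ?array {
    $sql = "SELECT id, tracking_no, status FROM parcels WHERE id = " . $id;
    $res = $conn->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Hardened version: reject anything that is not a positive integer, then bind
// the value as a parameter so the database only ever compares it as a number.
function view_parcel_safe(mysqli $conn, $raw_id): ?array {
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);   // malformed id: fail closed, do not query
        return null;
    }
    $stmt = $conn->prepare("SELECT id, tracking_no, status FROM parcels WHERE id = ?");
    $stmt->bind_param('i', $id);   // 'i' = integer; value is sent out-of-band
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Usage in view_parcel.php (assumed request parameter name "id"):
// $parcel = view_parcel_safe($conn, $_GET['id'] ?? '');
```

Even when `id` is only ever a number, the prepared statement is what removes the bug; the integer check is an additional layer that also gives a clean 400 response to probe requests, which is a useful signal in access logs.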