| 제목 | phpgurukul Employee Record Management System 1.3 SQL Injection |
|---|
| 설명 | An authenticated SQL injection vulnerability exists in the Employee Record Management System (ERMS) within admin/adminprofile.php. The AdminName parameter is directly concatenated into an SQL query without input sanitization or prepared statements. An authenticated attacker can exploit this to execute arbitrary SQL commands, potentially extracting or modifying database contents. |
|---|
| 원천 | ⚠️ https://github.com/cryptokhush/Employee-Record-Management-System/blob/main/README.md |
|---|
| 사용자 | devcypher (UID 88930) |
|---|
| 제출 | 2025. 08. 11. PM 06:51 (10 개월 ago) |
|---|
| 모더레이션 | 2025. 08. 16. AM 08:01 (5 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 311581 [PHPGurukul Employee Record Management System 1.3 /admin/adminprofile.php AdminName SQL 주입] |
|---|
| 포인트들 | 0 |
|---|