| Title | CLTPHP Content Management System v3.0 SQL Injection |
|---|---|
| Description | A system was found to have Boolean-Based Blind SQL Injection vulnerabilities, which arise from insufficient validation and sanitization of user-controlled parameters. Boolean-Based Blind SQL Injection leverages differences in application responses (e.g., page behavior, implicit feedback) to infer the validity of injected SQL conditions—without relying on explicit error messages. Attackers can exploit these vulnerabilities to: Extract sensitive database information (e.g., database name, table/column structures, user credentials like hashed passwords). Manipulate or delete database data (e.g., alter user permissions, erase business records) if the database account has write privileges. Bypass authentication (e.g., forge valid login logic via injected conditions) to gain unauthorized system access. Disrupt service continuity (e.g., corrupt critical data tables) or execute further attacks (e.g., lateral movement in internal networks). |
| Source | ⚠️ https://github.com/1276486/CVE/issues/17 |
| User | Zre0x1c (UID 89206) |
| Submitted | 2025-10-14 04:59 PM (8 months ago) |
| Moderation | 2025-10-26 06:21 AM (12 days later) |
| Status | Accepted |
| VulDB Entry | 329919 [CLTPHP 3.0 /home/search.html keyword SQL injection] |
| Points | 20 |