| 제목 | code-projects Simple Stock System In PHP 1.0 SQL Injection |
|---|
| 설명 | A SQL injection vulnerability exists in the Simple Stock System In PHP within the /market/checkuser.php file, where the username GET parameter is directly concatenated into a SELECT SQL query without proper validation or parameterization, allowing attackers to inject malicious SQL statements through crafted HTTP requests and potentially extract sensitive user data, manipulate database queries, or compromise the authentication mechanism of the stock management system. |
|---|
| 원천 | ⚠️ https://gist.github.com/b1uel0n3/06593fd15acd0f2f61c29c5595453755 |
|---|
| 사용자 | b1uel0n3 (UID 93016) |
|---|
| 제출 | 2025. 12. 14. PM 01:03 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 17. PM 03:56 (3 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 336983 [code-projects Simple Stock System 1.0 /checkuser.php 사용자 이름 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|