Submission #71814: Online Flight Booking Management System review_search.php has SQLinject.

Title: Online Flight Booking Management System review_search.php has SQLinject.
Description:
line: 9: $txtsearch=$_POST['txtsearch'];
line: 172-186: The POST parameter txtsearch is received and assigned to $txtsearch

    <?php
    $event_query = $conn->query("select * from sub_event where event_name like '%$txtsearch%'") or die(mysql_error());
    $menum_row = $event_query->rowcount();
    if( $menum_row > 0){
    ?>
    <h3>Sub Events</h3>
    <?php
    while ($event_row = $event_query->fetch()) {
        $search_mainevent_id=$event_row['mainevent_id'];
        $search_subevent_id=$event_row['subevent_id'];
    ?>

Because the string entered by the user is not filtered and the SQL statements are spliced, the SQL injection vulnerability is generated. It can cause serious harm to the system.
Source: https://github.com/qyhmsys/cve-list/blob/master/Online%20Flight%20Booking%20Management%20System%20review_search.md
User: wei.zhang (UID 38856)
Submitted: 2023. 01. 13. AM 07:47 (3 years ago)
Moderation: 2023. 01. 13. AM 10:20 (3 hours later)
Status: Accepted
VulDB entry: 218277 [SourceCodester Online Flight Booking Management System POST Parameter review_search.php txtsearch SQL injection]
Points: 20
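
A parameterized form of the query quoted in the description, as an added example that is not part of the submission or the application's own code. It assumes $conn is a PDO connection (as the fetch() and rowcount() calls suggest) and that the pdo_sqlite driver is available; the in-memory table, its rows and the function name search_sub_events are constructed for illustration.

```php
<?php
// Constructed stand-in for the application's database so the example runs offline.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("CREATE TABLE sub_event (
    subevent_id  INTEGER PRIMARY KEY,
    mainevent_id INTEGER,
    event_name   TEXT
)");
$conn->exec("INSERT INTO sub_event (mainevent_id, event_name) VALUES
    (1, 'Spring Gala'),
    (1, '100% Charity Run'),
    (2, 'St. Patrick''s Parade')");

/**
 * Hypothetical helper: search sub_event by name with the user's text
 * bound as a parameter instead of spliced into the SQL string.
 */
function search_sub_events(PDO $conn, string $txtsearch): array
{
    // Escape the escape character first, then the LIKE wildcards, so that
    // '%' and '_' typed by the user match literally.
    $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $txtsearch);

    $stmt = $conn->prepare(
        "SELECT subevent_id, mainevent_id, event_name
           FROM sub_event
          WHERE event_name LIKE :pattern ESCAPE '!'"
    );
    // The surrounding wildcards are added here, in the bound value,
    // never by string concatenation into the statement text.
    $stmt->execute([':pattern' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a plain term, a term containing a LIKE wildcard,
// and a term containing a single quote.
foreach (['Gala', '100%', "Patrick's"] as $input) {
    $rows = search_sub_events($conn, $input);
    printf("%-10s -> %d row(s)\n", $input, count($rows));
    foreach ($rows as $row) {
        echo '    ', $row['event_name'], "\n";
    }
}
```

With binding in place, a quote in txtsearch is compared against event_name as ordinary text and cannot end the string literal in the statement.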
