| 제목 | itsourcecode Agri-Trading Online Shopping System Project v1.0 SQL Injection |
|---|
| 설명 | The Agri-Trading Online Shopping System Project V1.0 is vulnerable to SQL Injection and Broken Access Control within the admin/productcontroller.php file. The application fails to properly sanitize user-supplied input in the product parameter during the add action. A remote, unauthenticated attacker can exploit this by sending a specially crafted POST request to execute arbitrary SQL commands. Furthermore, the endpoint lacks session validation, allowing attackers to bypass authentication entirely. Successful exploitation could lead to unauthorized database access, sensitive data exfiltration, and unauthorized modification of product records. |
|---|
| 원천 | ⚠️ https://github.com/wan1yan/cve/issues/3 |
|---|
| 사용자 | wanyan (UID 95221) |
|---|
| 제출 | 2026. 02. 09. AM 09:26 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 20. PM 03:19 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 347104 [itsourcecode Agri-Trading Online Shopping System 1.0 HTTP POST Request productcontroller.php 제품 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|