| Title | Github Warehouse Management System V1.0 SQL Injection |
|---|---|
| Description | WMS is an enterprise warehouse management system, and there is an SQL injection vulnerability in the wms/bloom/master/src/chkuser.php file. Cause of vulnerability: user input is concatenated directly. The code concatenates `$this->name` (from `$_POST['username']`) into the SQL query string without any filtering or escaping. Although the trim() function is used, trim() only strips leading and trailing whitespace and cannot defend against SQL injection. |
| Source | https://github.com/FeMiner/wms/issues/43 |
| User | qiahao (UID 95509) |
| Submission | 2026-02-11 03:13 PM (4 months ago) |
| Moderation | 2026-02-23 02:52 PM (12 days later) |
| Status | Duplicate |
| VulDB entry | 341628 [FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa /src/chkuser.php username SQL injection] |
| Points | 0 |
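
The cause described above, shown as an added example that is not the code of chkuser.php or of the FeMiner/wms project: the trim-then-concatenate pattern beside a parameterized query. The `users` table, its columns, the function names and the in-memory SQLite database are assumptions made for illustration; the report does not show the actual query.

```php
<?php
// Added illustration; not the code of wms/bloom/master/src/chkuser.php.
// Assumed: a `users` table with name/password columns, in-memory SQLite via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)");
$db->exec("INSERT INTO users VALUES ('o''brien', 'constructed-hash')");

// Pattern described in the report: trim() followed by string concatenation.
function lookupConcatenated(PDO $db, string $username): string
{
    $name = trim($username);               // strips surrounding whitespace only
    $sql  = "SELECT name FROM users WHERE name = '$name'";
    try {
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? "found {$row['name']}" : 'not found';
    } catch (PDOException $e) {
        // The quote inside the value ended the string literal early, so the
        // input became part of the SQL grammar instead of staying data.
        return 'query structure changed by input';
    }
}

// Hardened form: the value travels as a bound parameter, never as SQL text.
function lookupPrepared(PDO $db, string $username): string
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => trim($username)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? "found {$row['name']}" : 'not found';
}

// Constructed sample input: a legitimate name that contains a single quote.
$input = "  o'brien  ";
echo lookupConcatenated($db, $input), PHP_EOL;
echo lookupPrepared($db, $input), PHP_EOL;
```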