제출 #801607: 1000 Projects portfolio-management-system v1.0 SQL Injection정보

제목1000 Projects portfolio-management-system v1.0 SQL Injection
설명A critical SQL injection vulnerability exists in 1000project `admin/block_status.php` and `admin/unblock_me.php`. The vulnerability allows an attacker to inject malicious SQL code through base64-encoded parameters, enabling unauthorized modification of user account status. **Key Characteristics:** - **Attack Vector**: Base64 encoded parameter injection - **Impact**: Unauthorized user account status modification - **Authentication**: Requires admin session (but can be bypassed) The vulnerability stems from directly concatenating base64-decoded user input into SQL statements without any parameterization or validation.
원천⚠️ https://github.com/9str0IL/CVE/issues/3
사용자
 9str0il (UID 97218)
제출2026. 04. 10. AM 04:59 (2 개월 ago)
모더레이션2026. 04. 26. PM 09:47 (17 days later)
상태수락
VulDB 항목359742 [1000 Projects Portfolio Management System MCA 까지 1.0 /admin/block_status.php q SQL 주입]
포인트들20

이전개요다음

Want to stay up to date on a daily basis?

Enable the mail alert feature now!