Submission #850623: Codeastro Ecommerce Website V1.0 SQL Injection (info)

Title: Codeastro Ecommerce Website V1.0 SQL Injection
Description: Codeastro Ecommerce Website V1.0 has SQL Injection in /ecommerce-website-php/customer/confirm.php. The invoice_no multipart POST parameter in the payment confirmation form is directly concatenated into SQL queries without any sanitization or parameterized binding. The application fails to validate or escape user input before passing it to the database, allowing attackers to forge malicious input that manipulates SQL query logic.
Source: https://gist.github.com/menelausx/2222914494e28e7d70f9a35af8fae824
User: JasperX (UID 97281)
Submitted: 2026-06-06 04:19 PM (29 days ago)
Moderation: 2026-07-05 05:57 AM (29 days later)
Status: Accepted
VulDB entry: 376357 [CodeAstro Ecommerce Website 1.0 POST Parameter confirm.php invoice_no SQL injection]
Points: 20