제출 #855969: code-projects Online Job Portal System V1.0 SQL Injection정보

제목code-projects Online Job Portal System V1.0 SQL Injection
설명During a security review of "Online Job Portal System", a UNION-based SQL injection vulnerability was discovered in /Admin/EditUser.php. The UserId GET parameter is injected directly into a SELECT query with no sanitization. The query result is rendered into editable HTML form fields, making injected column values immediately visible and extractable via standard HTTP responses. This endpoint requires no authentication, and when combined with the other SQL injection vulnerabilities in the same project, provides the most straightforward path to full database extraction and credential theft, including plaintext administrator passwords.
원천⚠️ https://github.com/shihuizhang-dazhi/MY-CVE/issues/3
사용자
 dazhi (UID 87857)
제출2026. 06. 11. PM 12:30 (1 월 ago)
모더레이션2026. 07. 13. PM 11:19 (1 month later)
상태수락
VulDB 항목378165 [code-projects Online Job Portal 1.0 /Admin/EditUser.php UserId SQL 주입]
포인트들20

Might our Artificial Intelligence support you?

Check our Alexa App!