| Title | SQL Injection in save record function - Medical Certificate Generator 1.0 |
|---|---|
| Description | It was possible to locate at least one point vulnerable to SQL Injection, specifically in the "lastname" parameter, allowing an unauthenticated attacker to perform SQL queries on the database, collecting personal information from exams created by physicians. PoC video: https://www.youtube.com/watch?v=s3oK5jebx_I Other information about SQL Injection: https://owasp.org/www-community/attacks/SQL_Injection and https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Source | https://www.sourcecodester.com/php/16105/medical-certificate-generator-app-using-php-and-mysql-free-download.html |
| User | Anonymous User |
| Submission | 2023-02-10 01:30 AM (3 years ago) |
| Moderation | 2023-02-10 12:51 PM (11 hours later) |
| Status | Accepted |
| VulDB Entry | 220558 [SourceCodester Medical Certificate Generator App 1.0 action.php lastname SQL injection] |
| Points | 20 |