Title | boyiddha Automated-Mess-Management-System 1.0 SQL Injection |
---|
Description | The vulnerability in the Automated-Mess-Management-System's /member/view.php endpoint enables SQL Injection attacks. By injecting crafted SQL payloads into the 'date' parameter, attackers can manipulate SQL queries executed by the application. This could lead to unauthorized access to sensitive information, data leakage, or even complete database compromise. Remediating this issue involves implementing proper input validation and using parameterized queries to prevent SQL Injection attacks. Additionally, access controls should be enforced to limit user privileges and mitigate the impact of such vulnerabilities. |
---|
Source | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20member-view.php%20.md |
---|
User | nochizplz (ID 64302) |
---|
Submission | 2024-02-26 17:14 (3 months ago) |
---|
Moderation | 2024-03-07 17:04 (10 days later) |
---|
Status | Przyjęty |
---|
VulDB Entry | 256050 |
---|