Title | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 SQL Injection |
---|
Description | The Online College Event Hall Reservation System is vulnerable to SQL Injection in its /admin/receipt.php script through the room_id parameter. This vulnerability allows attackers to execute arbitrary SQL commands, as demonstrated by the injection that retrieves the database version. This issue highlights the need for secure coding practices, including the use of parameterized queries or prepared statements, to prevent SQL Injection and protect the application's data integrity. |
---|
Source | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20receipt.php.md |
---|
User | nochizplz (ID 64302) |
---|
Submission | 2024-03-06 16:59 (2 months ago) |
---|
Moderation | 2024-03-15 17:29 (9 days later) |
---|
Status | Przyjęty |
---|
VulDB Entry | 256961 |
---|