| Título | SQL Database Error could lead to SQL Injection in minical v1.0.0 |
|---|
| Descrição | # VULNERABILITY-TYPE : Unchecked Error Condition
# VENDOR OF THE PRODUCT : minical
# AFFECTED PRODUCT : minical/minical
# VERSION: v1.0.0
# ATTACK TYPE : REMOTE
# IMPACT: CODE EXECUTION
# AFFECTED COMPONENTS: SOURCE-CODE(show_bookings)
# ATTACK VECTOR: show_bookings(search_query)
# DESCRIPTION: Minical ,an open-source PMS v1.0.0 suffers from Unchecked Error Condition via search_query
# Vendor Homepage: https://github.com/minical/minical
# Software Link:https://github.com/minical/minical/archive/refs/tags/v1.0.0.zip
# REFERENCE:
1.) https://cwe.mitre.org/data/definitions/391.html
# PROOF_OF_CONCEPT
GITHUB_LINK: https://github.com/ctflearner/Vulnerability/blob/main/MINICAL/minical.md
|
|---|
| Fonte | ⚠️ https://github.com/minical/minical |
|---|
| Utilizador | Affan (UID 39417) |
|---|
| Submissão | 09/06/2023 17h30 (há 3 anos) |
|---|
| Moderação | 18/06/2023 09h06 (9 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 231803 [miniCal 1.0.0 /booking/show_bookings/ search_query Injeção SQL] |
|---|
| Pontos | 20 |
|---|