Submeter #180628: Best POS Management System 1.0 SQL injection vulnerability on login pageinformação

TítuloBest POS Management System 1.0 SQL injection vulnerability on login page
DescriçãoBest POS Management System 1.0 login page contains a SQL injection vulnerability via username parameter in /kruxton/admin_class.php. An attacker can login system as an administrator without valid username or password, the attacker can then READ/WRITE/DELETE the system data. This is the first report for the vulnerability. CVE search result https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Best+pos+management+system source of disclosure In `admin_class.php:login` function, the `username` parameter is directly spliced into the SQL statement without sanitization Impact Allows an attacker to bypass user authentication and manipulate system information. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fonte⚠️ https://github.com/movonow/demo/blob/main/kruxton.md
Utilizador
 zhangguohu (UID 30684)
Submissão11/07/2023 09h51 (há 3 anos)
Moderação11/07/2023 16h32 (7 hours later)
EstadoAceite
Entrada VulDB233565 [SourceCodester Best POS Management System 1.0 Login Page admin_class.php Nome de utilizador Injeção SQL]
Pontos20

Do you want to use VulDB in your project?

Use the official API to access entries easily!