| Título | cxbsoft Post-Office ≤v1.0 SQL Injection |
|---|
| Descrição | The Post-Office application, specifically version v1.0 or below, has been identified to contain a SQL Injection vulnerability within its /apps/login_auth.php file. The flaw arises due to the unfiltered inclusion of the 'username_login' parameter in the SQL query, which can be exploited by attackers. By crafting malicious SQL commands, such as using the 'sleep' function in an injected payload, attackers can manipulate the backend database, potentially leading to unauthorized access or data compromise. This security issue has been disclosed by the author glzjin, and users of the affected software hosted on GitHub and discussed on various forums are advised to seek patches or updates to mitigate the risk. |
|---|
| Fonte | ⚠️ https://note.zhaoj.in/share/neURUa2NSxzd |
|---|
| Utilizador | glzjin (UID 59815) |
|---|
| Submissão | 05/01/2024 05h40 (há 2 anos) |
|---|
| Moderação | 14/01/2024 17h38 (9 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 250699 [CXBSoft Post-Office até 1.0 HTTP POST Request /apps/login_auth.php username_login Injeção SQL] |
|---|
| Pontos | 20 |
|---|