Submit #265989: Taokeyun Taokeyun ≤1.0.5 SQL Injection

Title: Taokeyun Taokeyun ≤1.0.5 SQL Injection
Description: The Taokeyun software, version ≤2.1.5, contains a SQL Injection vulnerability in the 'User.php' file within the 'application/index/controller/m' directory. Specifically, the issue resides in the 'login' function where user input is directly incorporated into a SQL query without proper sanitization. This allows an attacker to manipulate the query structure, potentially leading to unauthorized access, data leakage, or even control over the database. The vulnerability can be confirmed by sending a crafted POST request to the login endpoint, causing the server to sleep for a specified duration, indicating successful SQL command execution.
Source: ⚠️ https://note.zhaoj.in/share/Np0ZdyKEnVOV
User: glzjin (UID 59815)
Submission: 11/01/2024 08:03 (2 years ago)
Moderation: 12/01/2024 12:11 (1 day later)
Status: Accepted
VulDB entry: 250584 [Taokeyun up to 1.0.5 HTTP POST Request User.php login Username SQL injection]
Points: 20
