| Título | https://www.sourcecodester.com/users/tips23 Web PHP 1 SQL Injection |
|---|
| Descrição | Exploit Title: Simple Online Bidding System SQL Injection
Date: 4/08/2023
Exploit Author: y3thu
Vendor Homepage: https://www.sourcecodester.com/users/tips23
Software Link: https://www.sourcecodester.com/php/14558/simple-online-bidding-system-using-phpmysqli-source-code.html
Attack Vector: WEB, Network
Testeted on: Kali Linux
Description: The SQL injection vulnerability in an online bidding system allows attackers to inject malicious SQL code through input fields, compromising the system's database. This enables unauthorized access to sensitive data, manipulation of bids, and potential denial-of-service attacks. Mitigation involves strict input validation, parameterized queries, database access controls, security testing, and user education to prevent exploitation and ensure system integrity. |
|---|
| Fonte | ⚠️ https://github.com/yethu123/vulns-finding/blob/main/Simple%20Online%20Bidding%20System.md |
|---|
| Utilizador | y3thu (UID 52000) |
|---|
| Submissão | 29/02/2024 19h01 (há 2 anos) |
|---|
| Moderação | 01/03/2024 08h45 (14 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 255393 [SourceCodester Simple Online Bidding System 1.0 index.php category_id Injeção SQL] |
|---|
| Pontos | 20 |
|---|