Submit #299788: SOURCECODESTER Employee Task Management System 1.0 SQL Injection

Title: SOURCECODESTER Employee Task Management System 1.0 SQL Injection
Description: The Employee Task Management System exhibits an SQL Injection vulnerability within its `/task-details.php` page. By manipulating the `task_id` parameter, attackers can execute arbitrary SQL queries, as demonstrated by injecting a `union select` statement to extract sensitive database information like the database name, version, and user. This flaw underscores the critical importance of using parameterized queries or prepared statements to prevent SQL Injection, safeguarding the database against unauthorized access and data breaches.
Source: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/SQL%20Injection%20-%20task-details.php.md
User: nochizplz (UID 64302)
Submission: 16/03/2024 18h11 (2 years ago)
Moderation: 17/03/2024 09h11 (15 hours later)
Status: Duplicate
VulDB entry: 221453 [SourceCodester Employee Task Management System 1.0 task-details.php task_id SQL Injection]
Points: 0
