Submeter #421391: HFO4 shudong-share latest <=2.4.7 SQL Injectioninformação

TítuloHFO4 shudong-share latest <=2.4.7 SQL Injection
DescriçãoA critical second-order SQL Injection vulnerability has been discovered in the open-source project Shudong-Share. This severe flaw allows a regular user to insert malicious SQL statements into the database through the ‘fkey’ parameter in ‘includes/create_share.php’. Subsequently, in ‘views/user_shares.php’, the stored ‘fkey’ value is directly concatenated into SQL queries, leading to a second-order SQL injection, which could potentially result in unauthorized data access or manipulation.
Fonte⚠️ https://github.com/timeflykai/shudong_share_sql_injection
Utilizador
 flykai (UID 75989)
Submissão10/10/2024 05h40 (há 2 anos)
Moderação18/10/2024 15h45 (8 days later)
EstadoAceite
Entrada VulDB280917 [HFO4 shudong-share até 2.4.7 Share create_share.php fkey Injeção SQL]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!