Submeter #453376: code-projects Concert Ticket Ordering System V1.0 SQL Injectioninformação

Título	code-projects Concert Ticket Ordering System V1.0 SQL Injection
Descrição	During the security review of the PHP "Concert Ticket Ordering System", "海南世纪网安信息技术有限公司" discovered a critical SQL injection vulnerability in the "tour(cor).php" file. This vulnerability stems from insufficient user input validation of the "mai" parameter, allowing attackers to inject malicious SQL queries. Therefore, attackers can gain unauthorized access to databases, modify or delete data, and access sensitive information. Immediate remedial measures are needed to ensure system security and protect data integrity.
Fonte	⚠️ https://github.com/halhalz/1/issues/1
Utilizador	hnsjwaxxjsyxgs (UID 75599)
Submissão	28/11/2024 04h16 (há 2 anos)
Moderação	28/11/2024 17h55 (14 hours later)
Estado	Aceite
Entrada VulDB	286380 [code-projects Concert Ticket Ordering System 1.0 /tour(cor).php Maio Injeção SQL]
Pontos	20

Do you need the next level of professionalism?

Upgrade your account now!