Submeter #667107: projectworlds Advanced Library Management System 1 SQL Injectioninformação

Títuloprojectworlds Advanced Library Management System 1 SQL Injection
DescriçãoThe view_member.php endpoint in Advanced Library Management System (V1.0) is vulnerable to SQL injection via the user_id GET parameter (boolean/time-based/UNION). It is exploitable without authentication, allowing attackers to enumerate and exfiltrate database contents or modify data. Immediate mitigations: apply WAF/rate-limiting and reduce DB privileges; permanent fix: validate inputs and use parameterized queries (prepared statements) and output-encode responses.
Fonte⚠️ https://github.com/ChenGuangHuangHun/CVE/issues/4
Utilizador
 chenguang (UID 91178)
Submissão02/10/2025 04h55 (há 7 meses)
Moderação08/10/2025 06h58 (6 days later)
EstadoAceite
Entrada VulDB327593 [projectworlds Advanced Library Management System 1.0 /view_member.php user_id Injeção SQL]
Pontos20

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!