| Título | code-projects Online Product Reservation system in PHP with source code V1.0 SQL Injection |
|---|
| Descrição | A critical SQL injection vulnerability exists in the shopping cart functionality. The application directly concatenates POST parameter and session variable into multiple SQL queries (SELECT, UPDATE, INSERT) without validation, allowing attackers to extract data and manipulate cart contents. |
|---|
| Fonte | ⚠️ https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_left_cart.php.md |
|---|
| Utilizador | Ho Cherry (UID 94105) |
|---|
| Submissão | 03/01/2026 12h20 (há 3 meses) |
|---|
| Moderação | 04/01/2026 08h01 (20 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 339476 [code-projects Online Product Reservation System 1.0 left_cart.php ID Injeção SQL] |
|---|
| Pontos | 18 |
|---|