| Título | jkev Personnel Record Management System V1.0 SQL Injection |
|---|
| Descrição | The system fails to sanitize or filter user input during authentication, data querying, and data entry processes, resulting in multiple SQL injection vulnerabilities. Attackers can exploit these flaws to bypass authentication, take over arbitrary accounts, steal plaintext passwords, and gain unauthorized access to the administrator dashboard. Once inside, they can view and modify any stored information, leading to severe sensitive data disclosure and system compromise.
|
|---|
| Fonte | ⚠️ https://github.com/whatyourname12345/CVE/blob/main/PRMS/cve_SQL.md |
|---|
| Utilizador | chenkh (UID 96588) |
|---|
| Submissão | 20/03/2026 02h59 (há 18 dias) |
|---|
| Moderação | 04/04/2026 16h45 (16 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 355345 [SourceCodester/jkev Record Management System 1.0 Login index.php Nome de utilizador Injeção SQL] |
|---|
| Pontos | 20 |
|---|