| Title | SQL Injection in Employee Payslip Generator System 1.2.0 |
|---|---|
| Description | An attacker authenticated as an administrator can inject SQL commands when creating new users, starting from version 1.2.0 of the Employee Payslip software, which can lead to password leaks and improper access to other existing accounts in the system. PoC blog: https://blog.0xgabe.com/?p=90 References: https://portswigger.net/web-security/sql-injection, https://owasp.org/www-community/attacks/SQL_Injection |
| Source | ⚠️ https://www.sourcecodester.com/php/16264/updated-employee-payslip-generator-sending-mail-using-php-and-gmail-smtp.html |
| User | Anonymous User |
| Submission | 11.03.2023 19:40 (3 years ago) |
| Moderation | 12.03.2023 08:16 (13 hours later) |
| Status | accepted |
| VulDB entry | 222863 [SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 New User Creation classes/Users.php?f=save Username SQL injection] |
| Points | 20 |