| Название | Online Computer and Laptop Store SQL injection present at order status update |
|---|
| Описание | This project is entitled Online Computer and Laptop Store. This web application was developed to provide an online platform for a certain computer store or business possible customers for exploring and ordering the products.Version number: v1.0
Source code online address:https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
In backend management, when a user places an order, the status of the user's order can be modified in the backend, as shown in the following figure. No pre compilation processing was performed for state modification. There is also no filtering of user input content, and there is SQL injection. Malicious users can splice SQL statements to cause harm to the platform. |
|---|
| Источник | ⚠️ https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/4-SQL%20injection%20present%20at%20order%20status%20update.pdf |
|---|
| Пользователь | muzishouchen (UID 36418) |
|---|
| Представление | 11.04.2023 17:59 (3 лет назад) |
|---|
| Модерация | 11.04.2023 18:41 (41 minutes later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 225535 [SourceCodester Online Computer and Laptop Store 1.0 Master.php?f=update_order_status ИД SQL-инъекция] |
|---|
| Баллы | 20 |
|---|