| Название | SQL Injection in Delete tasks in Task Reminder System 1.0 |
|---|
| Описание | It was possible to locate at least one point vulnerable to sql injection, more specifically in the "Master.php" file, so that an attacker Administrator or Staff of the application can carry out the exploitation.
PoC Video: https://youtu.be/o46oHLvY2-E
References:
https://portswigger.net/web-security/sql-injection#:~:text=SQL%20injection%20(SQLi)%20is%20a,not%20normally%20able%20to%20retrieve.
https://owasp.org/www-community/attacks/SQL_Injection |
|---|
| Источник | ⚠️ https://www.sourcecodester.com/php/16451/task-reminder-system-php-and-mysql-source-code-free-download.html |
|---|
| Пользователь | Anonymous User |
|---|
| Представление | 18.04.2023 04:49 (3 лет назад) |
|---|
| Модерация | 18.04.2023 12:50 (8 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 226271 [SourceCodester Task Reminder System 1.0 Master.php ИД SQL-инъекция] |
|---|
| Баллы | 20 |
|---|