| Название | cxbsoft Post-Office ≤v1.0 SQL Injection |
|---|
| Описание | The Post-Office application, specifically version v1.0 or below, has been identified to contain a SQL Injection vulnerability within its /apps/login_auth.php file. The flaw arises due to the unfiltered inclusion of the 'username_login' parameter in the SQL query, which can be exploited by attackers. By crafting malicious SQL commands, such as using the 'sleep' function in an injected payload, attackers can manipulate the backend database, potentially leading to unauthorized access or data compromise. This security issue has been disclosed by the author glzjin, and users of the affected software hosted on GitHub and discussed on various forums are advised to seek patches or updates to mitigate the risk. |
|---|
| Источник | ⚠️ https://note.zhaoj.in/share/neURUa2NSxzd |
|---|
| Пользователь | glzjin (UID 59815) |
|---|
| Представление | 05.01.2024 05:40 (2 лет назад) |
|---|
| Модерация | 14.01.2024 17:38 (9 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 250699 [CXBSoft Post-Office до 1.0 HTTP POST Request /apps/login_auth.php username_login SQL-инъекция] |
|---|
| Баллы | 20 |
|---|