| Название | SourceCodester Best House Rental Management System 1.0 SQL Injection |
|---|
| Описание | After receiving the id parameter passed in through the get method in the manage_tenant.php file, it is directly spliced into the SQL query statement for execution without any security filtering. An attacker can use this parameter to perform SQL injection to read arbitrary database information. |
|---|
| Источник | ⚠️ https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-2.md |
|---|
| Пользователь | rocker (UID 62454) |
|---|
| Представление | 23.05.2024 16:06 (2 лет назад) |
|---|
| Модерация | 25.05.2024 08:11 (2 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 266276 [SourceCodester Best House Rental Management System до 1.0 manage_tenant.php ИД SQL-инъекция] |
|---|
| Баллы | 18 |
|---|