| Название | SourceCodester Sourcecodester Car Driving School Management System 1.0 SQL injection |
|---|
| Описание | After receiving the id parameter passed in through the get method in the Master.php file, it is directly spliced into the SQL query statement for execution without any security filtering. An attacker can use this parameter to perform SQL injection to read arbitrary database information.
|
|---|
| Источник | ⚠️ https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20SQL%20Injection-8.md |
|---|
| Пользователь | BFS-Lab (UID 73306) |
|---|
| Представление | 10.08.2024 10:25 (2 лет назад) |
|---|
| Модерация | 10.08.2024 18:36 (8 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 274128 [Sourcecodester Car Driving School Management System 1.0 Master.php?f=save_package ИД SQL-инъекция] |
|---|
| Баллы | 17 |
|---|