| Название | Complaint Management System V1.0 SQL Injection |
|---|
| Описание | A severe SQL Injection vulnerability has been identified in the /admin/state.php file of the Phpgurukul Complaint Management System v1.0. This flaw allows attackers to inject malicious SQL code through the state parameter without requiring any form of authentication, potentially leading to unauthorized data access, data manipulation, and complete system compromise.The vulnerability arises because the application directly embeds user-supplied input from the state parameter into SQL queries without implementing adequate sanitization or validation mechanisms. This oversight permits attackers to manipulate the SQL query structure by injecting malicious code, thereby executing unintended database operations. |
|---|
| Источник | ⚠️ https://github.com/AngrySheep2003/cve/blob/main/Complaint_Management_System_SQL_Injection.md |
|---|
| Пользователь | angrysheep (UID 79486) |
|---|
| Представление | 26.12.2024 11:21 (1 Год назад) |
|---|
| Модерация | 26.12.2024 18:12 (7 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 289353 [PHPGurukul Complaint Management System 1.0 /admin/state.php state SQL-инъекция] |
|---|
| Баллы | 20 |
|---|