Отправить #471112: code-projects Chat System 1.0.0.00 SQL InjectionИнформация

Названиеcode-projects Chat System 1.0.0.00 SQL Injection
ОписаниеIn the file 'update_user.php' located at /admin/update_user.php, there is a possibility of performing SQL injection on the 'name and id' parameter. This allows attackers to inject malicious SQL code into the query. For example, if the name and id parameter is set to: error-based: script=1' AND 4381=(SELECT (CASE WHEN (4381=4381) THEN 4381 ELSE (SELECT 6122 UNION SELECT 5924) END))-- -
Источник⚠️ https://code-projects.org/chat-system-using-php-source-code/
Пользователь
 Havook (UID 71104)
Представление28.12.2024 16:18 (2 лет назад)
Модерация29.12.2024 16:38 (1 day later)
Статуспринято
Запись VulDB289768 [code-projects Chat System 1.0 /admin/update_user.php ИД SQL-инъекция]
Баллы20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!