Отправить #472194: PHPGurukul Land Record System 00.0.0.1 Cross Site ScriptingИнформация

НазваниеPHPGurukul Land Record System 00.0.0.1 Cross Site Scripting
ОписаниеIn the directory '/landrecordsys/admin/admin-profile.php' in admin account, there is an unrestricted cross-site scripting (XSS) vulnerability and injection attacks in the "Land Record System" system on the 'Admin Name' parameter. This function will execute the user parameter without restriction. Malicious attackers can exploit this vulnerability to obtain sensitive information from clients. script: "><img src=x onerror=alert(document.cookie)>"</b>
Источник⚠️ https://phpgurukul.com/land-record-system-using-php-and-mysql/
Пользователь
 Fergod (UID 55882)
Представление30.12.2024 17:29 (2 лет назад)
Модерация31.12.2024 09:58 (16 hours later)
Статуспринято
Запись VulDB289836 [PHPGurukul Land Record System 1.0 /admin/admin-profile.php Admin Name межсайтовый скриптинг]
Баллы20

Do you want to use VulDB in your project?

Use the official API to access entries easily!