| Title | SourceCodester Stock Management System (SMS-PHP by oretnom23) 1.0 SQL Injection |
|---|---|
| Description | A SQL injection vulnerability was found in the Purchase Order page of the Stock Management System (`/sms/admin/?page=purchase_order/view_po&id=2`). This vulnerability allows an attacker to inject arbitrary SQL queries through the `id` parameter. Specifically, it is possible to extract sensitive data from the `users` table, including usernames and MD5-hashed passwords, by exploiting the vulnerability with a UNION-based SQL injection payload. |
| Source | https://github.com/th3w0lf-1337/Vulnerabilities/blob/main/SMS-PHP/SQLi/PO/info.md |
| User | Th3W0lf (UID 84351) |
| Submission | 21.04.2025 22:16 (12 months ago) |
| Moderation | 04.05.2025 20:17 (13 days later) |
| Status | accepted |
| VulDB entry | 307371 [SourceCodester/oretnom23 Stock Management System 1.0 Purchase Order Details Page view_po ID SQL injection] |
| Points | 20 |