| Title | code-projects Human Resource Integrated System 1.0 SQL Injection |
|---|---|
| Description | The id parameter in login_query12.php is not properly sanitized or parameterized, making it vulnerable to SQL injection. This vulnerability can be exploited by injecting malicious SQL code to manipulate database queries. An attacker could leverage a timing-based SQL injection method to intentionally delay database responses using functions such as SLEEP(). |
| Source | ⚠️ https://github.com/cooorgi/cve/blob/main/hris_sql_log_query12.md |
| User | cooorgi (UID 80520) |
| Submission | 22.08.2025 20:12 (10 months ago) |
| Moderation | 30.08.2025 18:47 (8 days later) |
| Status | Accepted |
| VulDB entry | 322040 [code-projects Human Resource Integrated System 1.0 /login_query12.php ID SQL injection] |
| Points | 19 |