| Название | code-projects Client Details System V1.0 SQL Injection |
|---|
| Описание | A critical SQL Injection vulnerability exists in clientdetails/welcome.php via the ID GET parameter. The application embeds ID unescaped into backend SQL, enabling attackers to alter query logic and inject additional statements. Because input is not sanitized and prepared statements are not used, the endpoint is susceptible to multiple exploitation techniques. |
|---|
| Источник | ⚠️ https://github.com/hellonewbie/tutorial/issues/6 |
|---|
| Пользователь | ZengY (UID 91559) |
|---|
| Представление | 12.10.2025 11:02 (8 месяцы назад) |
|---|
| Модерация | 26.10.2025 05:59 (14 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 329914 [code-projects Client Details System 1.0 GET Parameter welcome.php ИД SQL-инъекция] |
|---|
| Баллы | 19 |
|---|