| Название | CLTPHP Content Management System v3.0 SQL Injection |
|---|
| Описание | A system were found to have Boolean-Based Blind SQL Injection vulnerabilities, which arise from insufficient validation and sanitization of user-controlled parameters. Boolean-Based Blind SQL Injection leverages differences in application responses (e.g., page behavior, implicit feedback) to infer the validity of injected SQL conditions—without relying on explicit error messages.Attackers can exploit these vulnerabilities to:Extract sensitive database information (e.g., database name, table/column structures, user credentials like hashed passwords).Manipulate or delete database data (e.g., alter user permissions, erase business records) if the database account has write privileges.Bypass authentication (e.g., forge valid login logic via injected conditions) to gain unauthorized system access.Disrupt service continuity (e.g., corrupt critical data tables) or execute further attacks (e.g., lateral movement in internal networks). |
|---|
| Источник | ⚠️ https://github.com/1276486/CVE/issues/17 |
|---|
| Пользователь | Zre0x1c (UID 89206) |
|---|
| Представление | 14.10.2025 16:59 (8 месяцы назад) |
|---|
| Модерация | 26.10.2025 06:21 (12 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 329919 [CLTPHP 3.0 /home/search.html keyword SQL-инъекция] |
|---|
| Баллы | 20 |
|---|