| Название | sourcecodester Survey Application System 1.0 SQL Injection |
|---|
| Описание | view_survey.php directly interpolates $_GET['id'] into an SQL statement without validation or prepared statements. An attacker controlling the id parameter can inject SQL that does not return visible differences but creates measurable delays on the database server. This enables time-based blind SQL injection. The vulnerability is exploitable remotely and without authentication. |
|---|
| Источник | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Survey%20Application%20System%202%20.md |
|---|
| Пользователь | lakshay12311 (UID 91298) |
|---|
| Представление | 26.10.2025 10:48 (6 месяцы назад) |
|---|
| Модерация | 12.11.2025 13:43 (17 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 332187 [SourceCodester Survey Application System 1.0 /view_survey.php ИД SQL-инъекция] |
|---|
| Баллы | 20 |
|---|