| Название | code-projects Online Product Reservation system V1.0 SQL Injection |
|---|
| Описание | A critical SQL injection vulnerability exists in the product editing functionality. The application directly concatenates user input from both GET and POST parameters into SQL queries without validation, allowing attackers to extract sensitive database data and modify product information. |
|---|
| Источник | ⚠️ https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_admin_edit.php.md |
|---|
| Пользователь | Ho Cherry (UID 94105) |
|---|
| Представление | 03.01.2026 12:13 (5 месяцы назад) |
|---|
| Модерация | 03.01.2026 17:02 (5 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 339463 [code-projects Online Product Reservation System 1.0 POST Parameter edit.php prod_id/name/price/model/serial SQL-инъекция] |
|---|
| Баллы | 17 |
|---|