| Название | code-projects Online Product Reservation system in PHP with source code V1.0 SQL Injection |
|---|
| Описание | A critical SQL injection vulnerability exists in the shopping cart functionality. The application directly concatenates POST parameter and session variable into multiple SQL queries (SELECT, UPDATE, INSERT) without validation, allowing attackers to extract data and manipulate cart contents. |
|---|
| Источник | ⚠️ https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_left_cart.php.md |
|---|
| Пользователь | Ho Cherry (UID 94105) |
|---|
| Представление | 03.01.2026 12:20 (3 месяцы назад) |
|---|
| Модерация | 04.01.2026 08:01 (20 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 339476 [code-projects Online Product Reservation System 1.0 left_cart.php ИД SQL-инъекция] |
|---|
| Баллы | 18 |
|---|