| Название | code-projects Online Product Reservation system V1.0 SQL Injection |
|---|
| Описание | A critical SQL injection vulnerability exists in the order viewing functionality. The application directly concatenates GET parameter into SQL query without validation, allowing attackers to extract order information and sensitive customer data. |
|---|
| Источник | ⚠️ https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_order_view.php.md |
|---|
| Пользователь | Ho Cherry (UID 94105) |
|---|
| Представление | 03.01.2026 12:23 (3 месяцы назад) |
|---|
| Модерация | 04.01.2026 08:01 (20 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 339477 [code-projects Online Product Reservation System 1.0 GET Parameter /order_view.php transaction_id SQL-инъекция] |
|---|
| Баллы | 17 |
|---|