| Название | code-projects Online Product Reservation System V1.0 SQL Injection |
|---|
| Описание | A critical SQL injection vulnerability exists in the shopping cart delete functionality. The application directly concatenates POST parameter into SQL DELETE query without validation, allowing attackers to extract database data and manipulate cart contents.
|
|---|
| Источник | ⚠️ https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_checkout_delete.php.md |
|---|
| Пользователь | Ho Cherry (UID 94105) |
|---|
| Представление | 03.01.2026 17:37 (3 месяцы назад) |
|---|
| Модерация | 04.01.2026 19:06 (1 day later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 339500 [code-projects Online Product Reservation System 1.0 POST Parameter /app/checkout/delete.php ИД SQL-инъекция] |
|---|
| Баллы | 18 |
|---|