| Название | Song-Li cross_browser ca690f0fe6954fd9bcda36d071b68ed8682a786a SQL Injection |
|---|
| Описание | The legacy MySQL-backed Flask application in cross_browser contains an SQL injection vulnerability in the /details endpoint implemented in flask/uniquemachine_app.py. The handler reads ID from a JSON request body and directly concatenates it into a SQL SELECT statement without parameterization or escaping. An attacker who can reach this endpoint can submit crafted input to alter the SQL query and retrieve unintended database records, and in some MySQL deployment configurations may be able to perform broader data exfiltration or blind SQL injection techniques. |
|---|
| Источник | ⚠️ https://github.com/wing3e/public_exp/issues/24 |
|---|
| Пользователь | BigW (UID 96422) |
|---|
| Представление | 20.03.2026 04:13 (17 дни назад) |
|---|
| Модерация | 04.04.2026 16:50 (15 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 355347 [Song-Li cross_browser до ca690f0fe6954fd9bcda36d071b68ed8682a786a details Endpoint uniquemachine_app.py ИД SQL-инъекция] |
|---|
| Баллы | 20 |
|---|