Отправить #83361: SQL Injection in Login Page Calendar Event Management System 1.0Информация

Название	SQL Injection in Login Page Calendar Event Management System 1.0
Описание	It was possible to execute SQL commands in the Calendar Event Management System application, in version 1.0, from two parameters on the login page, specifically "name" and "pwd". Enabling an unauthenticated attacker to collect sensitive information stored in the database. Video PoC: https://www.youtube.com/watch?v=UsSZU6EWB1E Others info about SQL injection are available in: https://owasp.org/www-community/attacks/SQL_Injection https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
Источник	⚠️ https://www.onlineittuts.com/php-event-calendar.html
Пользователь	Anonymous User
Представление	03.02.2023 19:33 (3 лет назад)
Модерация	03.02.2023 21:39 (2 hours later)
Статус	принято
Запись VulDB	220175 [Calendar Event Management System 2.3.0 Login Page name/pwd SQL-инъекция]
Баллы	17

Want to know what is going to be exploited?

We predict KEV entries!