| Title | Computer Parts Sales And Inventory System SQL injection vulnerability |
|---|---|
| Description | A SQL injection vulnerability exists in the phonenumber parameter of the cust_transac.php file of Computer Parts Sales and Inventory System. It is a security vulnerability occurring in the database layer of a web program, and it is the simplest vulnerability existing in the website. The main reason is that the program does not check and process the validity of user input data, so the attacker can append additional SQL statements to the predefined SQL statements in the web application and carry out illegal operations without the knowledge of the administrator, deceiving the database server into executing unauthorized arbitrary queries and thereby gaining further access to data. In short, SQL injection is the insertion of SQL statements into user input strings. If unchecked in poorly designed programs, these injected SQL statements can be mistaken for normal SQL statements by the database server and run, allowing an attacker to execute unplanned commands or access unauthorized data. Source download: https://www.sourcecodester.com/php/14382/computer-parts-sales-and-inventory-system-using-phpmysql.html |
| Source | ⚠️ https://github.com/chenxing0903/CveHub/blob/main/Computer-Parts-Sales-And-Inventory-System-Sql-Vulnerability.pdf |
| User | XingChen (UID 42721) |
| Submission | 03/11/2023 10:39 (3 years ago) |
| Moderation | 03/11/2023 12:18 (2 hours later) |
| Status | Accepted |
| VulDB entry | 222849 [SourceCodester Computer Parts Sales and Inventory System 1.0 cust_transac.php phonenumber sql injection] |
| Points | 20 |