| Title | BP Monitoring Management System v1.0 Background Modification of Personal Information SQL Injection |
|---|---|
| Description | A vulnerability classified as severe has been discovered in the BP Monitoring Management System. The vulnerability lies in the modification of username and phone number in the profile.php file. The operation of parameters fullname and mobilenumber leads to SQL injection and can control the limitations of SQL queries, resulting in malicious tampering of any user's phone number and username, and database information leakage. This will pose a serious threat to system security and sensitive data within the system. It can even disrupt the normal use of the system! |
| Source | https://github.com/vsdwef/BP-Monitoring-Management-System/blob/main/report_English.pdf |
| User | James_Quite (UID 44494) |
| Submission | 04/07/2023 11:02 (3 years ago) |
| Moderation | 04/07/2023 18:38 (8 hours later) |
| Status | Accepted |
| VulDB entry | 225318 [PHPGurukul BP Monitoring Management System 1.0 User Profile Update profile.php name/mobno sql injection] |
| Points | 20 |