Submit #112626: Sales Tracker Management System v1.0 /php-sts/admin/products/manage_product.php GET parameter id exists SQL injection vulnerabilityinfo

TitleSales Tracker Management System v1.0 /php-sts/admin/products/manage_product.php GET parameter id exists SQL injection vulnerability
DescriptionAn issue was discovered in Sales Tracker Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /php-sts/admin/products/manage_product.php?id. Payload1:id=1' and 'a'='a Payload2:id=1' and 'a'='z Payload3:id=1' and (select 1 from (select(sleep(10)))x) and 'q'='q
Source⚠️ https://github.com/graywar1/bug_report/blob/main/SQLi.md
User
 Peony (UID 44700)
Submission04/11/2023 06:17 (3 years ago)
Moderation04/11/2023 18:30 (12 hours later)
StatusAccepted
VulDB entry225530 [SourceCodester Sales Tracker Management System 1.0 GET Parameter manage_product.php ID sql injection]
Points19

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!