| Title | Online Computer and Laptop Store SQL injection present at order status update |
|---|
| Description | This project is entitled Online Computer and Laptop Store. This web application was developed to provide an online platform for a certain computer store or business possible customers for exploring and ordering the products.Version number: v1.0
Source code online address:https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
In backend management, when a user places an order, the status of the user's order can be modified in the backend, as shown in the following figure. No pre compilation processing was performed for state modification. There is also no filtering of user input content, and there is SQL injection. Malicious users can splice SQL statements to cause harm to the platform. |
|---|
| Source | ⚠️ https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/4-SQL%20injection%20present%20at%20order%20status%20update.pdf |
|---|
| User | muzishouchen (UID 36418) |
|---|
| Submission | 04/11/2023 17:59 (3 years ago) |
|---|
| Moderation | 04/11/2023 18:41 (41 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 225535 [SourceCodester Online Computer and Laptop Store 1.0 Master.php?f=update_order_status ID sql injection] |
|---|
| Points | 20 |
|---|