Submit #155140: Covid-19 Contact Tracing System v1.0 /cts_qr/admin/establishment/manage.php?id has SQL injectioninfo

TitleCovid-19 Contact Tracing System v1.0 /cts_qr/admin/establishment/manage.php?id has SQL injection
DescriptionCovid-19 Contact Tracing System v1.0 has SQL injection. vendors: https://www.sourcecodester.com/php/14728/covid-19-contact-tracing-system-web-app-qr-code-scanning-using-php-source-code.html Vulnerability url: /cts_qr/admin/establishment/manage.php?id. Payload: id=-3 union all select null,null,concat(0x66676869,0x3536373839),null,null,null,null-- - The union query succeeds, proving that SQL injection vulnerability exists.
Source⚠️ https://github.com/BacteriaJun/cve/blob/main/SQL.md
User
 TangJun (UID 46567)
Submission05/11/2023 14:14 (3 years ago)
Moderation05/12/2023 10:17 (20 hours later)
StatusAccepted
VulDB entry228891 [SourceCodester Covid-19 Contact Tracing System 1.0 manage.php ID sql injection]
Points20

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!