| Title | SQL Database Error could lead to SQL Injection in minical v1.0.0 |
|---|
| Description | # VULNERABILITY-TYPE : Unchecked Error Condition
# VENDOR OF THE PRODUCT : minical
# AFFECTED PRODUCT : minical/minical
# VERSION: v1.0.0
# ATTACK TYPE : REMOTE
# IMPACT: CODE EXECUTION
# AFFECTED COMPONENTS: SOURCE-CODE(show_bookings)
# ATTACK VECTOR: show_bookings(search_query)
# DESCRIPTION: Minical ,an open-source PMS v1.0.0 suffers from Unchecked Error Condition via search_query
# Vendor Homepage: https://github.com/minical/minical
# Software Link:https://github.com/minical/minical/archive/refs/tags/v1.0.0.zip
# REFERENCE:
1.) https://cwe.mitre.org/data/definitions/391.html
# PROOF_OF_CONCEPT
GITHUB_LINK: https://github.com/ctflearner/Vulnerability/blob/main/MINICAL/minical.md
|
|---|
| Source | ⚠️ https://github.com/minical/minical |
|---|
| User | Affan (UID 39417) |
|---|
| Submission | 06/09/2023 17:30 (3 years ago) |
|---|
| Moderation | 06/18/2023 09:06 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 231803 [miniCal 1.0.0 /booking/show_bookings/ search_query sql injection] |
|---|
| Points | 20 |
|---|