| Title | Taokeyun Taokeyun ≤1.0.5 SQL Injection |
|---|
| Description | The Taokeyun software, version 1.0.5 and below, has been identified with a SQL Injection vulnerability. This vulnerability resides in the 'Drs.php' file within the 'login' function where user input parameter 'cid' is directly concatenated into a SQL query. This insecure practice allows an attacker to manipulate the SQL query by injecting malicious payloads, such as 'or sleep(5)', leading to potential unauthorized access to sensitive data. This vulnerability has been confirmed by the bug author, glzjin, and poses a serious risk to systems running the affected versions of the software. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/0KtyJccrP3Ba |
|---|
| User | glzjin (UID 59815) |
|---|
| Submission | 01/11/2024 08:14 (2 years ago) |
|---|
| Moderation | 01/12/2024 12:11 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 250585 [Taokeyun up to 1.0.5 HTTP POST Request Drs.php index cid sql injection] |
|---|
| Points | 20 |
|---|