Submit #269724: SMSot SMSot <=2.12 SQL Injectioninfo

TitleSMSot SMSot <=2.12 SQL Injection
DescriptionThe 'get.php' file in the SMSot software version 2.12 and below, hosted on fours.smsot.com, is susceptible to SQL Injection attacks. This vulnerability exists due to the direct concatenation of the 'cid' parameter into the SQL query. An attacker can exploit this flaw by manipulating the 'cid' parameter in the HTTP GET request, potentially gaining unauthorized access to sensitive information from the database.
Source⚠️ https://note.zhaoj.in/share/vo1KOw3EYmBK
User
 glzjin (UID 59815)
Submission01/18/2024 10:40 (2 years ago)
Moderation01/19/2024 12:25 (1 day later)
StatusAccepted
VulDB entry251557 [Smsot up to 2.12 /get.php tid sql injection]
Points19

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!