| Title | boyiddha Automated-Mess-Management-System 1.0 SQL Injection |
|---|
| Description | The Automated-Mess-Management-System by boyiddha is susceptible to a SQL Injection flaw in its login functionality, enabling unauthorized access to the admin panel. By injecting crafted SQL queries through the 'useremail' parameter, attackers can bypass authentication, gaining elevated privileges without valid credentials. This issue poses a significant risk of unauthorized access to sensitive areas of the application. To mitigate the vulnerability, developers should implement stringent input validation, utilize parameterized queries, and enforce least privilege principles to limit access to sensitive functionalities. |
|---|
| Source | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20Login.md |
|---|
| User | nochizplz (UID 64302) |
|---|
| Submission | 02/26/2024 16:53 (2 years ago) |
|---|
| Moderation | 03/07/2024 17:04 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 256049 [boyiddha Automated-Mess-Management-System 1.0 Login Page /index.php useremail sql injection] |
|---|
| Points | 20 |
|---|