Submit #388831: SourceCodester Sourcecodester Car Driving School Management System 1.0 SQL injectioninfo

TitleSourceCodester Sourcecodester Car Driving School Management System 1.0 SQL injection
DescriptionAfter receiving the id parameter passed in through the get method in the Master.php file, it is directly spliced into the SQL query statement for execution without any security filtering. An attacker can use this parameter to perform SQL injection to read arbitrary database information.
Source⚠️ https://github.com/BFS-Lab/BFSDV/blob/main/Sourcecodester%20Online%20Catering%20Reservation%20System%20SQL%20Injection-8.md
User
 BFS-Lab (UID 73306)
Submission08/10/2024 10:25 (2 years ago)
Moderation08/10/2024 18:36 (8 hours later)
StatusAccepted
VulDB entry274128 [Sourcecodester Car Driving School Management System 1.0 Master.php?f=save_package ID sql injection]
Points17

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!