| Title | SourceCodester Electric Billing Management System 1.0 SQL Injection |
|---|
| Description | SQL Injection in Sourcecodester The Electric Billing Management System 1.0 by oretnom23 The reason for the SQL injection vulnerability is that the website application did not verify the validity of the data submitted by the user to the server (such as type, length, business parameter validity, etc.), nor did it effectively filter the data input by the user with special characters, thus directly inputting the user's input into the database for execution. This exceeded the expected result of the original design of the SQL statement. The system did not filter the code parameter content correctly in the tracks.thp file, resulting in SQL injection |
|---|
| Source | ⚠️ https://github.com/enjoyworld/webray.com.cn/blob/main/cves/Electric%20Billing%20Management%20System/Electric%20Billing%20Managemen%20SQL-inject%20System%20tracks.php%20SQL-inject.md |
|---|
| User | xmg404 (UID 74197) |
|---|
| Submission | 08/29/2024 04:00 (2 years ago) |
|---|
| Moderation | 08/30/2024 09:17 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 276218 [SourceCodester Electric Billing Management System 1.0 Connection Code /?page=tracks code sql injection] |
|---|
| Points | 20 |
|---|