| Title | SourceCodester Best House Rental Management System 1.0 SQL Injection |
|---|
| Description | At "/index.php?page=view_payment&id=abc", the GET parameter id is untrusted data and goes directly into an SQL query without any sanitization or validation, this allows any authenticated user can do an SQL injection, which could damage the entire database. |
|---|
| Source | ⚠️ https://drive.google.com/file/d/1UeP0zPOIJ3KgfWMh5IrnkDLeJjrIP4eG/view?usp=sharing |
|---|
| User | dwgth4i (UID 74608) |
|---|
| Submission | 09/09/2024 12:57 (2 years ago) |
|---|
| Moderation | 09/09/2024 16:53 (4 hours later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 265073 [SourceCodester Best House Rental Management System 1.0 view_payment.php ID sql injection] |
|---|
| Points | 0 |
|---|