Submit #497357: codeprojects Wazifa v1.0 SQL Injectioninfo

Titlecodeprojects Wazifa v1.0 SQL Injection
DescriptionAn unrestricted SQL injection attack exists in an Wazifa in php system in control.php. The parameters that can be controlled are as follows: $to. This function executes the id parameter into the SQL statement without any restrictions. A malicious attacker could exploit this vulnerability to obtain sensitive information in the server database.
Source⚠️ https://github.com/nanguawuming/CVE2/blob/main/cve3.pdf
User
 eXVtaW5n (UID 81300)
Submission02/09/2025 19:39 (1 Year ago)
Moderation02/10/2025 20:07 (1 day later)
StatusAccepted
VulDB entry295147 [code-projects Wazifa System 1.0 /controllers/control.php to sql injection]
Points19

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!