Submit #499767: code-projects Real Estate Property ManagementSystem v1.0 php SQL Injectioninfo

Titlecode-projects Real Estate Property ManagementSystem v1.0 php SQL Injection
DescriptionIn search.php. An unrestricted SOL injection attack exists in an Real Estate Property Management System. Theparameters that can be controlled are as follows: $stateName parameter . This function executesthe id parameter into the SOL statement without any restrictions. A malicious attacker couldexploit this vulnerability to obtain sensitive information in the server database.
Source⚠️ https://github.com/1337g/realestatepropertymanagement_poc/blob/main/sql-gu2.pdf
User
 1337gu (UID 80869)
Submission02/12/2025 18:13 (1 Year ago)
Moderation02/16/2025 15:17 (4 days later)
StatusAccepted
VulDB entry295983 [code-projects Real Estate Property Management System 1.0 /search.php StateName/CityName/AreaName/CatId sql injection]
Points20

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!