| Title | PHPGurukul Restaurant Table Booking System 1.0 SQL Injection |
|---|
| Description | While conducting a security review of "RTBS Project PH", I discovered a critical SQL injection vulnerability in the "/admin/add-subadmin.php" file. The vulnerability stems from insufficient user input validation of the "fullname" parameter, allowing an attacker to inject malicious SQL queries. As a result, attackers can gain unauthorized access to the database, modify or delete data, and access sensitive information. Immediate remedial action is required to ensure system security and protect data integrity. |
|---|
| Source | ⚠️ https://github.com/Camllia2024/mycve/issues/1 |
|---|
| User | Camllia218 (UID 83396) |
|---|
| Submission | 03/30/2025 10:43 (1 Year ago) |
|---|
| Moderation | 04/03/2025 15:25 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 303170 [PHPGurukul Restaurant Table Booking System 1.0 /admin/add-subadmin.php fullname sql injection] |
|---|
| Points | 20 |
|---|