| Title | TinyWebServer 1.0 SQL Injection |
|---|
| Description | A sql injection found in http/http_conn.cpp:426-431 of TinyWebServer ≤ 1.0, it use strcat to concat the user inputs name and password with sql statement insert without any check. |
|---|
| Source | ⚠️ https://magnificent-dill-351.notion.site/SQL-Injection-in-TinyWebServer-1-0-1c9c693918ed800ba172f55997565735 |
|---|
| User | s0l42 (UID 82389) |
|---|
| Submission | 04/02/2025 10:33 (1 Year ago) |
|---|
| Moderation | 04/04/2025 15:09 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 303339 [qinguoyi TinyWebServer up to 1.0 /http/http_conn.cpp name/password sql injection] |
|---|
| Points | 13 |
|---|