| Title | GitHub Grocery List Management Web App 1.0 SQL Injection |
|---|
| Description | SQL Injection is a vulnerability that occurs when user-supplied input is improperly validated and directly concatenated into SQL queries. An attacker can manipulate the input to alter the structure of the query, leading to unauthorized access or modification of database contents.
In the affected application, the id parameter of update.php is directly embedded in the SQL query without proper sanitization or the use of prepared statements. This allows an attacker to inject malicious SQL payloads and potentially:
Retrieve sensitive information such as usernames and passwords
Modify or delete database records
Enumerate database structure and version
Escalate the attack to gain full control of the backend database |
|---|
| Source | ⚠️ https://gist.github.com/0xSebin/a163239e0132d7d58ef1300f321da819 |
|---|
| User | 0xSebin (UID 35195) |
|---|
| Submission | 08/23/2025 10:02 (10 months ago) |
|---|
| Moderation | 08/31/2025 10:12 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 322050 [HKritesh009 Grocery List Management Web App up to f491b681eb70d465f445c9a721415c965190f83b /src/update.php ID sql injection] |
|---|
| Points | 20 |
|---|