| Title | code-projects Online Bidding System 1.0 SQL Injection |
|---|
| Description | During the security review of "ONLINE BIDDING SYSTEM," a critical SQL injection vulnerability was discovered in the "bidupdate.php" file. This vulnerability results from inadequate validation of the 'id' parameter, allowing attackers to inject malicious SQL queries. As a result, attackers could gain unauthorized access to databases, modify or delete data, and access sensitive information. Immediate remedial measures are necessary to ensure system security and protect data integrity. |
|---|
| Source | ⚠️ https://github.com/jackhong1236/cve_0/blob/main/12/tmp25/report.md |
|---|
| User | hong zeng (UID 90188) |
|---|
| Submission | 09/14/2025 10:44 (7 months ago) |
|---|
| Moderation | 09/21/2025 11:26 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 325152 [code-projects Online Bidding System 1.0 bidupdate.php ID sql injection] |
|---|
| Points | 20 |
|---|