| Title | code-projects Project Monitoring System 1.0 SQL Injection |
|---|---|
| Description | SQL injection is not just a theoretical risk—it is one of the most destructive and reliably exploitable vulnerabilities in modern web applications. Below is a detailed, attack-by-attack description of what an adversary can actually do once he can inject arbitrary SQL into your back-end database. Every item is mapped to real-world impact, not abstract “loss of confidentiality.” In the login.php file of Responsive Blog Site, the username and password parameters are obtained and concatenated into the SQL statement without filtering before execution, resulting in SQL injection vulnerabilities and server permissions. |
| Source | https://github.com/asd1238525/cve/blob/main/SQL5.md |
| User | yuwangxian (UID 90378) |
| Submission | 09/22/2025 18:44 (7 months ago) |
| Moderation | 09/26/2025 14:50 (4 days later) |
| Status | Accepted |
| VulDB entry | 326114 [code-projects Project Monitoring System 1.0 /login.php username/password sql injection] |
| Points | 20 |