| Title | itsourcecode Company The billing system 1.0 SQL Injection |
|---|---|
| Description | There is a serious SQL injection vulnerability in the login verification logic of the Billing System project. The vulnerability lies in the code in the process.php file that handles user login requests. Specifically, the SQL query statement in line 7 directly splices the username and password parameters submitted by the user through the POST request into the SQL query string without any effective input validation, filtering or parameterization. This insecure approach allows attackers to change the logic of the original SQL query by constructing malicious input, thereby bypassing the authentication mechanism. |
| Source | https://www.yuque.com/yuqueyonghuexlgkz/zepczx/py9oh6m1p7mx4eqr?singleDoc# 《The billing system has a foreground sql injection vulnerability》 |
| User | liule960117 (UID 88729) |
| Submission | 10/20/2025 19:12 (8 months ago) |
| Moderation | 11/02/2025 14:19 (13 days later) |
| Status | Accepted |
| VulDB entry | 330911 [itsourcecode Billing System 1.0 login_crud.php Password sql injection] |
| Points | 20 |