| Title | code-projects Simple Stock System In PHP 1.0 SQL Injection |
|---|
| Description | A SQL injection vulnerability exists in the Simple Stock System In PHP within the /market/checkuser.php file, where the username GET parameter is directly concatenated into a SELECT SQL query without proper validation or parameterization, allowing attackers to inject malicious SQL statements through crafted HTTP requests and potentially extract sensitive user data, manipulate database queries, or compromise the authentication mechanism of the stock management system. |
|---|
| Source | ⚠️ https://gist.github.com/b1uel0n3/06593fd15acd0f2f61c29c5595453755 |
|---|
| User | b1uel0n3 (UID 93016) |
|---|
| Submission | 12/14/2025 13:03 (6 months ago) |
|---|
| Moderation | 12/17/2025 15:56 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 336983 [code-projects Simple Stock System 1.0 /checkuser.php Username sql injection] |
|---|
| Points | 20 |
|---|