| Title | code-projects Easy Blog Site V1.0 SQL Injection |
|---|
| Description | This code is used to query whether the current account exists in the database. At the same time, the username and password have not been filtered in any way, nor have they been normalized through function conversion, which allows any password to successfully log in to the account. For example: set username=admin' -- q The password can be filled in at will, and you can log in to the user |
|---|
| Source | ⚠️ https://github.com/MyMySSS/cve/blob/main/cve.md |
|---|
| User | MyMy (UID 96642) |
|---|
| Submission | 03/23/2026 13:49 (15 days ago) |
|---|
| Moderation | 04/05/2026 22:41 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 355434 [code-projects Easy Blog Site 1.0 login.php username/password sql injection] |
|---|
| Points | 20 |
|---|