| Title | Computer Parts Sales and Inventory System has SQL vulnerabilities |
|---|---|
| Description | A SQL injection vulnerability exists in the user parameter of the processlogin file of Computer Parts Sales and Inventory System. It is a security vulnerability occurring in the database layer of the web program, and it is the simplest vulnerability existing in the website. The main reason is that the program does not check and process the validity of user input data, so an attacker can add additional SQL statements to the predefined SQL statements in the web application and carry out illegal operations without the knowledge of the administrator, deceiving the database server into executing unauthorized arbitrary queries and thereby gaining further access to data. In short, SQL injection is the insertion of SQL statements into user input strings. If unchecked in poorly designed programs, these injected SQL statements can be mistaken for normal SQL statements by the database server and run, allowing an attacker to execute unplanned commands or access unauthorized data. Source download: https://www.sourcecodester.com/php/14382/computer-parts-sales-and-inventory-system-using-phpmysql.html |
| Source | https://github.com/WhiteA1so/Cvetest/blob/main/Sql1.pdf |
| User | xiaohua_ruilong (UID 41992) |
| Submission | 03/01/2023 13:47 (3 years ago) |
| Moderation | 03/01/2023 20:34 (7 hours later) |
| Status | Accepted |
| VulDB entry | 222105 [SourceCodester Computer Parts Sales and Inventory System 1.0 processlogin User sql injection] |
| Points | 20 |