| Title | SQL Injection in Employee Payslip Generator System 1.2.0 |
|---|---|
| Description | An attacker authenticated as an administrator can inject SQL commands when creating new users, starting from version 1.2.0 of the Employee Payslip software, which can lead to password leaks and improper access to other existing accounts in the system. PoC blog: https://blog.0xgabe.com/?p=90 References: https://portswigger.net/web-security/sql-injection and https://owasp.org/www-community/attacks/SQL_Injection |
| Source | ⚠️ https://www.sourcecodester.com/php/16264/updated-employee-payslip-generator-sending-mail-using-php-and-gmail-smtp.html |
| User | Anonymous User |
| Submission | 11/03/2023 19:40 (3 years ago) |
| Moderation | 12/03/2023 08:16 (13 hours later) |
| Status | Accepted |
| VulDB Entry | 222863 [SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 New User Creation classes/Users.php?f=save username SQL injection] |
| Points | 20 |