| tiêu đề | Online Computer and Laptop Store SQL injection present at order status update |
|---|
| Mô tả | This project is entitled Online Computer and Laptop Store. This web application was developed to provide an online platform for a certain computer store or business possible customers for exploring and ordering the products.Version number: v1.0
Source code online address:https://www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
In backend management, when a user places an order, the status of the user's order can be modified in the backend, as shown in the following figure. No pre compilation processing was performed for state modification. There is also no filtering of user input content, and there is SQL injection. Malicious users can splice SQL statements to cause harm to the platform. |
|---|
| Nguồn | ⚠️ https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/4-SQL%20injection%20present%20at%20order%20status%20update.pdf |
|---|
| Người dùng | muzishouchen (UID 36418) |
|---|
| Đệ trình | 11/04/2023 17:59 (cách đây 3 những năm) |
|---|
| Kiểm duyệt | 11/04/2023 18:41 (41 minutes later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 225535 [SourceCodester Online Computer and Laptop Store 1.0 Master.php?f=update_order_status ID Tiêm SQL] |
|---|
| điểm | 20 |
|---|