Submit #180628: Best POS Management System 1.0 SQL injection vulnerability on login page

Title: Best POS Management System 1.0 SQL injection vulnerability on login page

Description: Best POS Management System 1.0 login page contains a SQL injection vulnerability via the username parameter in /kruxton/admin_class.php. An attacker can log in to the system as an administrator without a valid username or password; the attacker can then READ/WRITE/DELETE the system data. This is the first report for the vulnerability.

CVE search result: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Best+pos+management+system

Source of disclosure: In the `admin_class.php:login` function, the `username` parameter is directly spliced into the SQL statement without sanitization.

Impact: Allows an attacker to bypass user authentication and manipulate system information.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: ⚠️ https://github.com/movonow/demo/blob/main/kruxton.md

User: zhangguohu (UID 30684)

Submission: 11/07/2023 09:51 (3 years ago)

Moderation: 11/07/2023 16:32 (7 hours later)

Status: Accepted

VulDB entry: 233565 [SourceCodester Best POS Management System 1.0 Login Page admin_class.php username SQL injection]

Points: 20
