| tiêu đề | SOURCECODESTER Employee Task Management System 1.0 SQL Injection |
|---|
| Mô tả | The Employee Task Management System exhibits an SQL Injection vulnerability within its `/task-details.php` page. By manipulating the `task_id` parameter, attackers can execute arbitrary SQL queries, as demonstrated by injecting a `union select` statement to extract sensitive database information like the database name, version, and user. This flaw underscores the critical importance of using parameterized queries or prepared statements to prevent SQL Injection, safeguarding the database against unauthorized access and data breaches. |
|---|
| Nguồn | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/SQL%20Injection%20-%20task-details.php.md |
|---|
| Người dùng | nochizplz (UID 64302) |
|---|
| Đệ trình | 16/03/2024 18:11 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 17/03/2024 09:11 (15 hours later) |
|---|
| Trạng thái | Bản sao |
|---|
| Mục VulDB | 221453 [SourceCodester Employee Task Management System 1.0 task-details.php task_id Tiêm SQL] |
|---|
| điểm | 0 |
|---|