Submit #485540: needyamin Library-Card-System 1.0 SQL Injection - Info

Title: needyamin Library-Card-System 1.0 SQL Injection
Description: SQL Injection Vulnerability Found By Maloy Roy Orko In The Admin Panel Of Library-Card-System 1.0 (Vendor: Needyamin). The Admin Panel (admin.php) Can Be Bypassed Via SQL Injection Admin Bypass Payloads Which Make The Backend Login Checking Condition True And Let Us Log In Without Correct Credentials.
Vulnerable Product Link: https://github.com/needyamin/Library-Card-System/
Vendor Link: https://github.com/needyamin/
Vendor: needyamin
Product Name: Library-Card-System
Type: Library-Card-System
Title of the Vulnerability: Library-Card-System | SQL Injection Admin Login Bypass In admin.php | Found By Maloy Roy Orko
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: SQL Injection
Product Name: Library-Card-System
Affected Components: /admin.php
Suggested Description: SQL Injection in "admin.php" in "Library-Card-System application By needyamin v 1.0" Found By "Maloy Roy Orko" allows "remote" attacker "to bypass admin login check & login into admin panel as no validations are provided" via "admin/gallery.php".
Attack Vectors: To exploit vulnerability, he has to put SQL Injection Admin Bypass Payloads in /admin.php. Thus, Attacker can gain access to Admin Panel!
Detailed Blog: https://www.websecurityinsights.my.id/2025/01/library-card-system-admin-login-bypass.html?m=1
Source: ⚠️ https://www.websecurityinsights.my.id/2025/01/library-card-system-admin-login-bypass.html?m=1
User: MaloyRoyOrko (UID 79572)
Submission: 20/01/2025 01:31 (1 year ago)
Moderation: 29/01/2025 16:38 (10 days later)
Status: Accepted
VulDB Entry: 293999 [needyamin Library Card System 1.0 Login admin.php email/password SQL injection]
Points: 20