Gửi #495410: Codezips Gym Management System in PHP with Source Code V1.0 SQL Injectionthông tin

tiêu đềCodezips Gym Management System in PHP with Source Code V1.0 SQL Injection
Mô tảA critical SQL injection vulnerability exists in the login_idparameter within /dashboard/admin/more-userprofile.php. Attackers can inject arbitrary SQL code via specially crafted values, bypassing input validation. This could lead to unauthorized database access, data manipulation, and potentially full system compromise. ● Database Compromise: Attackers can read, modify, or delete data. ● Data Leakage: Sensitive customer/payment information could be exposed. ● System Interruption: Malicious queries may degrade performance or crash the application. ● Privilege Escalation: Potential elevation of privileges leading to broader system takeover.
Nguồn⚠️ https://www.yuque.com/polaris-pisym/aevk1q/fyu4dy8fglbs6rzy?singleDoc# 《/dashboard/admin/more-userprofile.php》
Người dùng
 xuanluansec (UID 68581)
Đệ trình05/02/2025 14:58 (cách đây 1 Năm)
Kiểm duyệt10/02/2025 12:05 (5 days later)
Trạng tháiđược chấp nhận
Mục VulDB295087 [CodeZips Gym Management System 1.0 more-userprofile.php login_id Tiêm SQL]
điểm20

Might our Artificial Intelligence support you?

Check our Alexa App!