| tiêu đề | SQL injection vulnerability in House Rental System |
|---|
| Mô tả | Build environment: Apache 2.4.39; MySQL5.7.26; PHP7.3.4
SQL injection vulnerability in House Rental System
In view property In PHP, from line 32 to line 34 of the code, property_ The ID is passed to the backend through get and assigned to the variable $property_ ID, and then executed the SQL statement query, and substituted it into the database. There is no single quotation mark protection, nor any filter function, and then returned mysqli_ Query Query Result |
|---|
| Nguồn | ⚠️ https://github.com/nikeshtiwari1/House-Rental-System/issues/6 |
|---|
| Người dùng | ace. (UID 34853) |
|---|
| Đệ trình | 02/12/2022 02:47 (cách đây 4 những năm) |
|---|
| Kiểm duyệt | 03/12/2022 11:15 (1 day later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 214770 [House Rental System /view-property.php property_id Tiêm SQL] |
|---|
| điểm | 20 |
|---|