| tiêu đề | phpgurukul Employee Record Management System 1.3 SQL Injection |
|---|
| Mô tả | An authenticated SQL injection vulnerability exists in the Employee Record Management System (ERMS) within admin/adminprofile.php. The AdminName parameter is directly concatenated into an SQL query without input sanitization or prepared statements. An authenticated attacker can exploit this to execute arbitrary SQL commands, potentially extracting or modifying database contents. |
|---|
| Nguồn | ⚠️ https://github.com/cryptokhush/Employee-Record-Management-System/blob/main/README.md |
|---|
| Người dùng | devcypher (UID 88930) |
|---|
| Đệ trình | 11/08/2025 18:51 (cách đây 10 các tháng) |
|---|
| Kiểm duyệt | 16/08/2025 08:01 (5 days later) |
|---|
| Trạng thái | Bản sao |
|---|
| Mục VulDB | 311581 [PHPGurukul Employee Record Management System 1.3 /admin/adminprofile.php AdminName Tiêm SQL] |
|---|
| điểm | 0 |
|---|