| Title | code-projects Simple Laundry System In PHP 1.0 SQL Injection |
|---|
| Description | A SQL injection vulnerability exists in the service tracking functionality of Simple Laundry System in PHP 1.0.
The affected endpoint is:
/Laundry_system/searchguest.php
The application reads the searchServiceId parameter from an HTTP POST request and incorporates it directly into a SQL query without validation, sanitization, or parameterized query handling.
Because special SQL characters are not neutralized, an attacker can inject SQL into the query. The payload
searchServiceId='
supplies a single quote that terminates the string literal early and leaves the statement malformed; the resulting database error shows that the input reaches the query unescaped, i.e. that the parameter is injectable.
In typical implementations, the parameter is used in a query similar to:
$serviceId = $_POST['searchServiceId'];
$query = "SELECT * FROM services WHERE service_id = '$serviceId'";
Since the input is concatenated directly into the SQL statement, an attacker can alter the query logic by injecting arbitrary SQL expressions.
This vulnerability allows attackers to execute unauthorized SQL queries against the backend database. |
|---|
| Source | https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/SQL%20Injection%20in%20Simple%20Laundry%20System%20PHP%20searchServiceId%20Parameter.md |
|---|
| User | AhmadMarzook (UID 96211) |
|---|
| Submission | 03/04/2026 19:50 (11 days ago) |
|---|
| Moderation | 12/04/2026 20:08 (9 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB Entry | 355334 [code-projects Simple Laundry System 1.0 Parameter /searchguest.php searchServiceId SQL Injection] |
|---|
| Points | 0 |
|---|
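The concatenation pattern the report describes, shown as an added example that is not code from the laundry system or from the report: Python with an in-memory SQLite table stands in for the PHP/MySQL application, so the behaviour can be reproduced offline. The `services` schema and its rows are constructed for the example; only the column name `service_id` and the single-quote payload come from the report. The block puts the vulnerable lookup beside a parameterized one and probes both with a legitimate value, the report's `'` payload, and an always-true `OR` clause.

```python
import sqlite3

# Constructed sample data. The real table layout of the laundry app is not
# known; only the column name service_id is taken from the report.
SAMPLE_SERVICES = [
    ("SVC-1001", "guest-a", "wash"),
    ("SVC-1002", "guest-b", "dry clean"),
    ("SVC-1003", "guest-c", "iron"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE services (service_id TEXT, guest TEXT, service TEXT)")
    conn.executemany("INSERT INTO services VALUES (?, ?, ?)", SAMPLE_SERVICES)
    return conn


def search_vulnerable(conn, search_service_id):
    """Mirror of the PHP snippet quoted in the report: the POST value is
    pasted straight into the SQL text, so it becomes part of the grammar."""
    query = "SELECT * FROM services WHERE service_id = '" + search_service_id + "'"
    return conn.execute(query).fetchall()


def search_fixed(conn, search_service_id):
    """Parameterized form: the driver binds the value as data, never as SQL."""
    return conn.execute(
        "SELECT * FROM services WHERE service_id = ?", (search_service_id,)
    ).fetchall()


def probe(search_func, payload):
    """Run one lookup on a fresh database and summarise the outcome as
    ('rows', count) or ('error', message), so the two variants can be compared."""
    conn = make_db()
    try:
        return ("rows", len(search_func(conn, payload)))
    except sqlite3.DatabaseError as exc:
        # A lone quote leaves the string literal unterminated; the resulting
        # syntax error is the "injectable behaviour" signal the report relies on.
        return ("error", str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    for payload in ["SVC-1001", "'", "' OR '1'='1"]:
        print(repr(payload), "vulnerable:", probe(search_vulnerable, payload),
              "fixed:", probe(search_fixed, payload))
```

With the concatenated query, `'` produces a database error and `' OR '1'='1` returns every row; the parameterized query returns exactly one row for the real ID and zero rows for either payload, because the bound value is compared as a literal string and never alters the statement. The same fix in the PHP application is a prepared statement via PDO or mysqli with the POST value bound as a parameter.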