| Title | Code-projects Project Management System v1.0 SQL Injection |
|---|---|
| Description | There is an authentication bypass vulnerability in the identity authentication module of the Project Management System. Since the system's account-existence pre-verification code is not strongly bound to the password verification logic, input security processing is not performed, and the administrator account is automatically built in by default when the administrator role is selected during the login process, an attacker can supply arbitrary logic as the account ID (such as: 'OR '1'='1' -- q) with any password to bypass identity authentication, successfully log in to any account in the system (including the highest-authority administrator account), and illegally obtain the highest management authority of the system. |
| Source | https://github.com/MyMySSS/CVE123/blob/main/cve3/CVE_Submission.md |
| User | MyMy (UID 96642) |
| Submission | 02/05/2026 13:21 (1 month ago) |
| Moderation | 26/05/2026 14:54 (24 days later) |
| Status | Accepted |
| VulDB entry | 365640 [code-projects Project Management System 1.0 Login chk.php SQL Injection] |
| Points | 20 |