| Title | SQL Injection authenticated in "calview" Calendar Event Management System 2.3.0 |
|---|
| Description | It was possible to locate at least two points vulnerable to the injection of SQL commands in the Calendar Event Management System application, version 2.3.0, specifically in the "start" and "end" parameters. An authenticated user with an administrator, teacher or student profile would be able to exploit the vulnerability and, as a consequence, obtain sensitive information from the database.
PoC video: https://www.youtube.com/watch?v=eoPuINHWjHo
More info about SQL injection attacks:
https://owasp.org/www-community/attacks/SQL_Injection
https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
|---|
| Source | ⚠️ https://www.onlineittuts.com |
|---|
| User | Anonymous User |
|---|
| Submitted | 04/02/2023 05:50 (3 years ago) |
|---|
| Moderation | 04/02/2023 08:36 (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 220197 [Calendar Event Management System 2.3.0 start/end SQL injection] |
|---|
| Points | 17 |
|---|