Gửi #855188: codeastro Simple Online Leave Management System V1.0 SQL Injectionthông tin

tiêu đềcodeastro Simple Online Leave Management System V1.0 SQL Injection
Mô tảDuring a security review of Simple Online Leave Management System V1.0, a critical SQL injection vulnerability was discovered in the /SimpleOnlineLeave/admin/deletemp.php file. The vulnerability occurs because the id GET parameter is not properly validated or sanitized before being used in SQL queries. An attacker can craft a malicious request to inject SQL payloads, potentially resulting in unauthorized database access, data leakage, data modification, or data deletion. Immediate remediation is recommended to protect the system and ensure database integrity.
Nguồn⚠️ https://github.com/sl1der-fr0g/Findings/issues/2
Người dùng
 cshwswwsshd99 (UID 98516)
Đệ trình10/06/2026 17:18 (cách đây 1 tháng)
Kiểm duyệt13/07/2026 07:05 (1 month later)
Trạng tháiđược chấp nhận
Mục VulDB377907 [CodeAstro Simple Online Leave Management System 1.0 deletemp.php ID Tiêm SQL]
điểm20

Do you need the next level of professionalism?

Upgrade your account now!