| Title | SQL Injection in Employee Payslip Generator System 1.2.0 |
|---|---|
| Description | An attacker authenticated as an administrator can inject SQL commands when creating new users, starting from version 1.2.0 of the Employee Payslip software, which can lead to password leaks and improper access to other existing accounts in the system. PoC blog: https://blog.0xgabe.com/?p=90 References: https://portswigger.net/web-security/sql-injection https://owasp.org/www-community/attacks/SQL_Injection |
| Source | ⚠️ https://www.sourcecodester.com/php/16264/updated-employee-payslip-generator-sending-mail-using-php-and-gmail-smtp.html |
| User | Anonymous User |
| Submitted | 2023-03-11 19:40 (3 years ago) |
| Moderation | 2023-03-12 08:16 (13 hours later) |
| Status | Accepted |
| VulDB entry | 222863 [SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 New User Creation classes/Users.php?f=save username SQL injection] |
| Points | 20 |