| 标题 | Complaint Management System V1.0 SQL Injection |
|---|
| 描述 | A severe SQL Injection vulnerability has been identified in the /admin/state.php file of the Phpgurukul Complaint Management System v1.0. This flaw allows attackers to inject malicious SQL code through the state parameter without requiring any form of authentication, potentially leading to unauthorized data access, data manipulation, and complete system compromise.The vulnerability arises because the application directly embeds user-supplied input from the state parameter into SQL queries without implementing adequate sanitization or validation mechanisms. This oversight permits attackers to manipulate the SQL query structure by injecting malicious code, thereby executing unintended database operations. |
|---|
| 来源 | ⚠️ https://github.com/AngrySheep2003/cve/blob/main/Complaint_Management_System_SQL_Injection.md |
|---|
| 用户 | angrysheep (UID 79486) |
|---|
| 提交 | 2024-12-26 11時21分 (1 年前) |
|---|
| 管理 | 2024-12-26 18時12分 (7 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 289353 [PHPGurukul Complaint Management System 1.0 /admin/state.php state SQL注入] |
|---|
| 积分 | 20 |
|---|