提交 #471112: code-projects Chat System 1.0.0.00 SQL Injection信息

标题code-projects Chat System 1.0.0.00 SQL Injection
描述In the file 'update_user.php' located at /admin/update_user.php, there is a possibility of performing SQL injection on the 'name and id' parameter. This allows attackers to inject malicious SQL code into the query. For example, if the name and id parameter is set to: error-based: script=1' AND 4381=(SELECT (CASE WHEN (4381=4381) THEN 4381 ELSE (SELECT 6122 UNION SELECT 5924) END))-- -
来源⚠️ https://code-projects.org/chat-system-using-php-source-code/
用户
 Havook (UID 71104)
提交2024-12-28 16時18分 (2 年前)
管理2024-12-29 16時38分 (1 day later)
状态已接受
VulDB条目289768 [code-projects Chat System 1.0 /admin/update_user.php 标识符 SQL注入]
积分20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!