| Title | Crm42 SQL injection vulnerability in login function |
|---|---|
| Description | Crm42 does not filter the content entered by the user in the login function, resulting in a SQL injection vulnerability. Vulnerability source code location: in `crm42\class\class.user.php`, at lines 920-922. The SQL statement executed by `$sql`, without any filtering, directly brings the user name and password into the database for query, and then returns the query result `$result`, resulting in an error-reporting SQL injection vulnerability. |
| Source | https://github.com/tholum/crm42/issues/1 |
| User | ace. (UID 34853) |
| Submission | 2022-11-07 07:12 (4 years ago) |
| Moderation | 2022-11-11 16:42 (4 days later) |
| Status | Accepted |
| VulDB Entry | 213461 [tholum crm42 Login class.user.php user_name SQL injection] |
| Points | 20 |