提交 #640113: code-projects Human Resource Integrated System 1.0 SQL Injection信息

标题code-projects Human Resource Integrated System 1.0 SQL Injection
描述The employee_id and date parameters in login_attendance2.php are not properly sanitized or parameterized, making them vulnerable to SQL injection. An attacker could exploit this vulnerability by injecting malicious SQL code to manipulate database queries. An attacker could leverage a time-based SQL injection method and a error-based SQL injection method.
来源⚠️ https://github.com/cooorgi/cve/blob/main/hris_sql_login_attendance2.md
用户
 cooorgi (UID 80520)
提交2025-08-22 20時13分 (10 月前)
管理2025-08-30 18時47分 (8 days later)
状态已接受
VulDB条目322042 [code-projects Human Resource Integrated System 1.0 login_attendance2.php employee_id/date SQL注入]
积分19

上一步一览下一步

Might our Artificial Intelligence support you?

Check our Alexa App!