| 标题 | RemoteClinic V2.0 Boolean-Based Blind SQL Injection |
|---|
| 描述 | A SQL injection vulnerability was discovered in the "Remote Clinic System" project in "/staff/profile. php? Id=28". The backend code did not effectively filter the ID parameter entered by the user and directly concatenated it into the SQL query statement, allowing attackers to close single quotes and insert Boolean logic statements for blind injection
Impact
1. Data breach: Attackers can obtain sensitive information such as user passwords, personal identification information, financial data, etc. by injecting malicious SQL queries.
2. Data tampering: Attackers can modify data in the database, such as changing the permissions or status of user accounts, or inserting false information into the database.
3. Data deletion: Attackers can delete data from the database, which may result in data loss and affect the normal operation of the application.
4. Executing malicious code: In some cases, if the database supports stored procedures or dynamic SQL execution, attackers may be able to execute malicious code, which could lead to more serious security consequences, such as the server being completely controlled. |
|---|
| 来源 | ⚠️ https://github.com/03hice-collab/CVE/issues/3 |
|---|
| 用户 | 03hice (UID 89185) |
|---|
| 提交 | 2025-08-25 13時34分 (10 月前) |
|---|
| 管理 | 2025-09-01 14時54分 (7 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 322117 [RemoteClinic 2.0 /staff/profile.php 标识符 SQL注入] |
|---|
| 积分 | 20 |
|---|