| Title | travel-agency web 1 SQL Injection vulnerability |
|---|---|
| Description | Travel Agency v.1.0 is vulnerable to an SQL Injection vulnerability. The user-controllable variable `$search_query` (retrieved from the `$_GET['user_query']` parameter) is directly concatenated into the SQL query statement without any filtering or preprocessing. Attackers can construct a malicious `user_query` parameter to tamper with the SQL query logic and perform unauthorized database operations. |
| Source | https://github.com/www223-ai/CVE/blob/main/travel-sql2.docx |
| User | www234 (UID 92385) |
| Submission | 2025-11-08 05:09 (5 months ago) |
| Moderation | 2025-11-22 15:56 (14 days later) |
| Status | Accepted |
| VulDB entry | 333313 [ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3 Search /results.php user_query SQL injection] |
| Points | 20 |