| 标题 | code-projects Online Product Reservation system V1.0 SQL Injection |
|---|
| 描述 | A critical SQL injection vulnerability exists in the user login functionality. The application directly concatenates user input into SQL query without validation, allowing attackers to bypass authentication completely and extract sensitive user data. |
|---|
| 来源 | ⚠️ https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_login.php.md |
|---|
| 用户 | Ho Cherry (UID 94105) |
|---|
| 提交 | 2026-01-03 12時16分 (3 月前) |
|---|
| 管理 | 2026-01-04 08時01分 (20 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 339475 [code-projects Online Product Reservation System 1.0 User Login app/user/login.php emailadd SQL注入] |
|---|
| 积分 | 16 |
|---|