| 标题 | code-projects Online Product Reservation System V1.0 SQL Injection |
|---|
| 描述 | A critical SQL injection vulnerability exists in the shopping cart delete functionality. The application directly concatenates POST parameter into SQL DELETE query without validation, allowing attackers to extract database data and manipulate cart contents.
|
|---|
| 来源 | ⚠️ https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_checkout_delete.php.md |
|---|
| 用户 | Ho Cherry (UID 94105) |
|---|
| 提交 | 2026-01-03 17時37分 (3 月前) |
|---|
| 管理 | 2026-01-04 19時06分 (1 day later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 339500 [code-projects Online Product Reservation System 1.0 POST Parameter /app/checkout/delete.php 标识符 SQL注入] |
|---|
| 积分 | 18 |
|---|