提交 #801607: 1000 Projects portfolio-management-system v1.0 SQL Injection信息

标题1000 Projects portfolio-management-system v1.0 SQL Injection
描述A critical SQL injection vulnerability exists in 1000project `admin/block_status.php` and `admin/unblock_me.php`. The vulnerability allows an attacker to inject malicious SQL code through base64-encoded parameters, enabling unauthorized modification of user account status. **Key Characteristics:** - **Attack Vector**: Base64 encoded parameter injection - **Impact**: Unauthorized user account status modification - **Authentication**: Requires admin session (but can be bypassed) The vulnerability stems from directly concatenating base64-decoded user input into SQL statements without any parameterization or validation.
来源⚠️ https://github.com/9str0IL/CVE/issues/3
用户
 9str0il (UID 97218)
提交2026-04-10 04時59分 (18 日前)
管理2026-04-26 21時47分 (17 days later)
状态已接受
VulDB条目359742 [1000 Projects Portfolio Management System MCA 直到 1.0 /admin/block_status.php q SQL注入]
积分20

上一步一览下一步

Do you want to use VulDB in your project?

Use the official API to access entries easily!