Submission #850623: Codeastro Ecommerce Website V1.0 SQL Injection Info

Title: Codeastro Ecommerce Website V1.0 SQL Injection
Description: Codeastro Ecommerce Website V1.0 has SQL Injection in /ecommerce-website-php/customer/confirm.php. The invoice_no multipart POST parameter in the payment confirmation form is directly concatenated into SQL queries without any sanitization or parameterized binding. The application fails to validate or escape user input before passing it to the database, allowing attackers to forge malicious input that manipulates SQL query logic.
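The following is an added illustration of the query pattern the description refers to, written for this page and not taken from the CodeAstro code base (the page does not show the project's actual query). It assumes a hypothetical `invoices` table with an `invoice_no` column and uses an in-memory SQLite database with constructed rows, so it runs offline. The point it demonstrates is the difference between pasting the POST value into the query string and binding it as a parameter: a crafted `invoice_no` value turns the lookup into a query that matches every row in the first case and matches nothing in the second. A format check on the invoice number is included as defense in depth; the accepted pattern is an assumption for the example, not the application's real format.

```python
import re
import sqlite3

# Constructed sample rows for the example (not data from the project).
SAMPLE_INVOICES = [
    (1, "INV-1001", "alice", "PAID"),
    (2, "INV-1002", "bob", "PENDING"),
    (3, "INV-1003", "carol", "PAID"),
]

# Assumed invoice number format for the example: letters, digits and dashes.
INVOICE_NO_RE = re.compile(r"^[A-Z0-9-]{1,32}$")


def make_db():
    """Build an in-memory SQLite database with the hypothetical invoices table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices ("
        "id INTEGER PRIMARY KEY, invoice_no TEXT, customer TEXT, status TEXT)"
    )
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?, ?)", SAMPLE_INVOICES)
    return conn


def lookup_vulnerable(conn, invoice_no):
    """String concatenation, the pattern the advisory describes.

    The submitted value becomes part of the SQL text, so a quote in the
    input ends the literal and the rest is interpreted as SQL.
    """
    sql = (
        "SELECT id, invoice_no, customer FROM invoices WHERE invoice_no = '"
        + invoice_no
        + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, invoice_no):
    """Parameterized query: the driver passes the value separately from the SQL text,
    so it is always compared as data and can never change the query logic."""
    sql = "SELECT id, invoice_no, customer FROM invoices WHERE invoice_no = ?"
    return conn.execute(sql, (invoice_no,)).fetchall()


def is_valid_invoice_no(invoice_no):
    """Allow-list check, applied before the query as a second layer.
    Binding already prevents injection; this rejects junk early and
    keeps oversized or malformed values out of the database entirely."""
    return bool(INVOICE_NO_RE.match(invoice_no))


def confirm_payment(conn, invoice_no):
    """Hardened handler: validate, then query with a bound parameter.
    Returns the matching rows, or an empty list for rejected input."""
    if not is_valid_invoice_no(invoice_no):
        return []
    return lookup_safe(conn, invoice_no)


if __name__ == "__main__":
    db = make_db()
    # Constructed payload: closes the quoted literal and appends an always-true clause.
    payload = "' OR '1'='1"
    print("legit, concatenated :", lookup_vulnerable(db, "INV-1001"))
    print("payload, concatenated:", lookup_vulnerable(db, payload))
    print("payload, bound       :", lookup_safe(db, payload))
    print("payload, validated   :", confirm_payment(db, payload))
```

With the concatenated form, the payload rewrites the WHERE clause to `invoice_no = '' OR '1'='1'` and every invoice comes back; with the bound parameter the same bytes are compared as a literal string and nothing matches. The fix for the reported issue is the bound parameter; the regex is an extra guard and must not be relied on alone.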
Source: https://gist.github.com/menelausx/2222914494e28e7d70f9a35af8fae824
User: JasperX (UID 97281)
Submitted: 2026-06-06 16:19 (29 days ago)
Moderated: 2026-07-05 05:57 (29 days later)
Status: Accepted
VulDB entry: 376357 [CodeAstro Ecommerce Website 1.0 POST Parameter confirm.php invoice_no SQL Injection]
Points: 20
