提交 #855189: codeastro Simple Online Leave Management System V1.0 SQL Injection信息

标题codeastro Simple Online Leave Management System V1.0 SQL Injection
描述During a security review of Simple Online Leave Management System V1.0, a critical SQL injection vulnerability was discovered in the /SimpleOnlineLeave/admin/accept.php file. The vulnerability occurs because the appid POST parameter is not properly validated or sanitized before being used in SQL queries. An attacker can craft a malicious POST request containing SQL injection payloads, potentially resulting in unauthorized database access, data leakage, data modification, or data deletion. Immediate remediation is recommended to protect the system and ensure database integrity.
来源⚠️ https://github.com/sl1der-fr0g/Findings/issues/3
用户
 cshwswwsshd99 (UID 98516)
提交2026-06-10 17時19分 (1 月前)
管理2026-07-13 07時05分 (1 month later)
状态已接受
VulDB条目377908 [CodeAstro Simple Online Leave Management System 1.0 POST accept.php appid SQL注入]
积分20

Do you want to use VulDB in your project?

Use the official API to access entries easily!