CVE-2023-25432: bug_report/SQLi-1.md at main · hundanchen69/bug_report
An issue was discovered in Online Reviewer Management System v1.0. A SQL injection in reviewer_0/admins/assessments/course/course-update.php allows instructions to be issued directly to the backend database system.
Online Reviewer Management System v1.0 by janobe has a SQL injection vulnerability
BUG_Author: crazychen123
Accessing admin accounts: Username: admin / Password: admin
Vulnerability File: reviewer_0/admins/assessments/course/course-update.php
The GET parameter "courseID" is vulnerable to SQL injection.
sqlmap command: sqlmap -u "ip/reviewer_0/admins/assessments/course/course-update.php?courseID=1"
sqlmap injection result
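
For defenders running this application, the following added example (not part of the original report or the project's code) scans web access logs for requests to the vulnerable file whose courseID is not a plain integer. It assumes Combined Log Format and that legitimate courseID values are decimal integers; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter taken from the advisory.
VULN_PATH = "/reviewer_0/admins/assessments/course/course-update.php"
PARAM = "courseID"

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: a legitimate courseID is a plain decimal integer.
VALID_ID = re.compile(r"\d{1,10}")


def suspicious_course_ids(line):
    """Return the courseID values in one log line that are not plain integers."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    # endswith() tolerates the application being deployed under a sub-directory.
    if not unquote(url.path).lower().endswith(VULN_PATH.lower()):
        return []
    # parse_qs decodes one layer of percent-encoding and keeps repeated parameters.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    # Decode once more so double-encoded input (%2527) is judged on its decoded form.
    decoded = [unquote(v) for v in values]
    return [v for v in decoded if not VALID_ID.fullmatch(v)]


def scan(lines):
    """Return (client_ip, offending_values) for each log line that needs review."""
    hits = []
    for line in lines:
        bad = suspicious_course_ids(line)
        if bad:
            hits.append((line.split(" ", 1)[0], bad))
    return hits


# Constructed sample log lines (documentation IP ranges, not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2023:10:00:01 +0000] "GET /reviewer_0/admins/assessments/course/course-update.php?courseID=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Mar/2023:10:00:02 +0000] "GET /reviewer_0/admins/assessments/course/course-update.php?courseID=1%27 HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Mar/2023:10:00:03 +0000] "GET /reviewer_0/admins/assessments/course/course-update.php?courseID=1%2527 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Mar/2023:10:00:04 +0000] "GET /reviewer_0/admins/assessments/course/course-update.php?courseID=2&courseID=2%20AND%201%3D1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Mar/2023:10:00:05 +0000] "GET /reviewer_0/index.php?courseID=abc HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for ip, values in scan(SAMPLE_LOG):
        print(ip, values)
```

Hits are leads for review, not proof of compromise; the fix itself belongs in course-update.php, where courseID should be validated as an integer and bound through a prepared statement.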