CVE-2020-23966: SQL Injection vulnerability in post.php · Issue #15 · VictorAlagwu/CMSsite
SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request.
Hello, I found a SQL injection vulnerability in the post.php file. The post parameter in this file is not filtered and is passed directly into the database query, which leads to the vulnerability.
PoC: `post=1 and sleep(2)-- `

This delays the query by 2 seconds.
To fix this vulnerability, you can use prepared statements like this:
```php
$post_id = (int) $_GET['post'];                       // cast the id before it goes anywhere near SQL
$query = "SELECT * FROM posts WHERE post_id = ?";
$stmt = $sysConnect->prepare($query);                 // prepare the query string, not an undefined $sql
$stmt->bind_param("i", $post_id);                     // bind the integer id, never the SQL string itself
$stmt->execute();
$result = $stmt->get_result();                        // mysqli_result; read rows with fetch_assoc()
```
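As an added illustration (this is not code from the report or from the CMSsite repository), the following PHP shows the injectable pattern described above next to a prepared-statement version. The exact query shape in post.php, the `posts` table with an integer `post_id` column, the `$sysConnect` mysqli handle and the placeholder credentials are all assumptions; the PoC payload is the one from the report.

```php
<?php
// Added example, not part of the CMSsite project.
// Assumptions: a mysqli connection $sysConnect, a table `posts` with an
// integer column `post_id`, and the id arriving as $_GET['post'].

declare(strict_types=1);

// The reported weakness: the raw request parameter is concatenated into the
// SQL text. The query shape is an assumption about what post.php does.
function buildVulnerableSql(string $post): string
{
    return "SELECT * FROM posts WHERE post_id = " . $post;
}

// Hardened version: the value travels as a bound integer parameter, so it can
// never alter the statement's structure. Returns the matching row or null.
function fetchPostSafely(mysqli $sysConnect, string $post): ?array
{
    // Defence in depth: refuse anything that is not a plain integer before
    // it reaches the database at all.
    $postId = filter_var($post, FILTER_VALIDATE_INT);
    if ($postId === false) {
        return null;
    }

    $stmt = $sysConnect->prepare("SELECT * FROM posts WHERE post_id = ?");
    $stmt->bind_param("i", $postId);
    $stmt->execute();
    // get_result() needs the mysqlnd driver; bind_result()/fetch() is the
    // alternative on builds without it.
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    return $row ?: null;
}

// The PoC payload from the report. No database is needed to see the
// difference between the two code paths.
$payload = "1 and sleep(2)-- ";

// In the vulnerable path the payload becomes part of the SQL text: the WHERE
// clause now ends in "and sleep(2)-- ", so MySQL evaluates sleep(2) while
// scanning and the response is delayed, which is the time-based oracle the
// report relies on.
echo "Vulnerable SQL: " . buildVulnerableSql($payload) . PHP_EOL;

// In the hardened path the same string fails integer validation, so no
// query is sent at all; a well-formed id such as "1" passes and is bound.
echo "Payload accepted as integer? "
    . var_export(filter_var($payload, FILTER_VALIDATE_INT) !== false, true) . PHP_EOL;

// Live check against a real database, only when explicitly requested.
// Host, user, password and schema are placeholders (assumptions).
if (getenv('RUN_DB_DEMO')) {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $sysConnect = new mysqli('127.0.0.1', 'cms', 'secret', 'cms');
    var_dump(fetchPostSafely($sysConnect, '1'));      // the real post, if it exists
    var_dump(fetchPostSafely($sysConnect, $payload)); // null, and no delay
}
```

Running the script without `RUN_DB_DEMO` set only prints the two comparisons; setting it exercises the prepared statement against a live MySQL instance. Enabling `MYSQLI_REPORT_STRICT` is worth keeping in the real fix, since it turns a failed `prepare()` into an exception instead of a silent `false` that the following `bind_param()` call would then trip over.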