# CVE-2022-40887: Best-Student-Result-Management-System_1.0.poc.md (toyydsBT123/One_of_my_take_on_SourceCodester)

SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection.
**Title:** Best Student Result Management System 1.0 SQLi

**Author:** toyydsBT123

**Organization:** Arr3stY0u

**Organization introduction:** https://www.shg-sec.com/

**Date:** 15.09.2022

**Vendor:** https://www.sourcecodester.com/users/mayurik

**Software:** https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download

**Version:** 1.0

**Reference:** https://github.com/toyydsBT123/One_of_my_take_on_SourceCodester/blob/main/Best-Student-Result-Management-System_1.0.poc.md

**Description:**

The `nid` parameter is concatenated into a SQL query without sanitisation, so a UNION-based injection can append an attacker-chosen SELECT to the original query and return its columns in the page output. This can disclose system information (such as the database user) and the administrator account password. The SQL injection vulnerability on this page severely compromises the security and confidentiality of the application by exposing it to administrator-level information disclosure.

**Status:** CRITICAL

**[+] Payloads:**

GET

```
?nid=2' union all select null,user(),null,null-- -
```
Proof and Exploit:

(Screenshot: the request issued from the Firefox browser)
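From a defender's side, the UNION-based payload above is easy to spot in web server access logs: the `nid` value carries a quote breakout, `UNION ... SELECT`, and a comment terminator. The following Python is an added example, not part of the original advisory, that scans Common Log Format lines for that pattern; the log lines are constructed for the example, and the `/result.php` path is a placeholder, not the application's real endpoint.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not taken from the advisory).
# Line 2 carries the advisory's payload URL-encoded; line 4 a variant.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Sep/2022:10:01:02 +0000] "GET /result.php?nid=2 HTTP/1.1" 200 5120
203.0.113.5 - - [15/Sep/2022:10:01:09 +0000] "GET /result.php?nid=2%27%20union%20all%20select%20null,user(),null,null--%20- HTTP/1.1" 200 5208
198.51.100.7 - - [15/Sep/2022:10:02:30 +0000] "GET /result.php?nid=17 HTTP/1.1" 200 5100
198.51.100.7 - - [15/Sep/2022:10:02:41 +0000] "GET /result.php?nid=17%27%20UNION%20SELECT%20null,user(),null,null%23 HTTP/1.1" 200 5211
"""

# Request line of a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# UNION ... SELECT (optionally UNION ALL), any case, on a decoded value.
UNION_RE = re.compile(r"\bunion\b(\s+all)?\s+select\b", re.IGNORECASE)
# SQL comment terminators used to discard the rest of the original query.
COMMENT_RE = re.compile(r"(--\s|#|/\*)")


def find_union_injection(line: str):
    """Return (param, decoded_value) for the first query parameter that
    looks like a UNION-based injection, or None if the request is benign."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    # parse_qs percent-decodes values, so 'union%20all' becomes 'union all'.
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            breakout = "'" in value or COMMENT_RE.search(value) is not None
            if UNION_RE.search(value) and breakout:
                return name, value
    return None


def scan_log(text: str):
    """Scan a whole log; return a list of (line_no, param, value) hits."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        found = find_union_injection(line)
        if found:
            hits.append((n, *found))
    return hits


if __name__ == "__main__":
    for n, param, value in scan_log(SAMPLE_LOG):
        print(f"line {n}: parameter {param!r} carries UNION payload: {value}")
```

A web application firewall rule or SIEM query on the same pattern gives early warning, but the actual fix is a parameterised query for `nid` in the application code.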