Headline

CVE-2020-36541: csalgadow / DEMOKRATIAN_votaciones - b56c48b

A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicos_php/genera_select.php. The manipulation of the argument id_provincia with the input -1%20union%20all%20select%201,2,3,4,database() leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

2 years ago

CVE

Open in Source

#sql #vulnerability #web #php

committed b56c48b 2019-04-20

error de tipo de dato

Cambiamos el filtro contra sql inyection para que detecte solo datos numéricos

Comments (0)

Files changed (1)

+1 -1

M basicos_php/genera_select.php

File basicos_php/genera_select.php Modified

Ignore whitespace
Hide word diff

require_once(“…/config/config.inc.php”);

include(‘…/inc_web/conexion.php’);

include(“…/basicos_php/basico.php”);

-$id_provincia = fn_filtro($con, $_GET[‘id_provincia’]);

+$id_provincia = fn_filtro_numerico($con, $_GET[‘id_provincia’]);

if (isset($_GET[‘id_municipio’])) {

 $municipio = $\_GET\['id\_municipio'\];

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago