
CVE-2022-3130: Online_Driving_School_Project_In_PHP_With_Source_Code_Vulnerabilities/sql_injection.md at main · KingBridgeSS/Online_Driving_School_Project_In_PHP_With_Source_Code_Vulnerabilities

A vulnerability classified as critical has been found in codeprojects Online Driving School. This affects an unknown part of the file /login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207873 was assigned to this vulnerability.


Online Driving School Project In PHP SQL Injection

The Online Driving School Project is a simple mini project for driving institutes. The project contains admin, learners, and users. The user can either be police or victims/complainers. The project is meant for a driver training institute that has just commenced operations: it manages the learners and the people who want to find a good learners school, and the admin, meaning the owner of the web application, can select the best and nearest learners for those people and connect the two.

project link: https://code-projects.org/online-driving-school-project-in-php-with-source-code/

A SQL injection vulnerability exists in /login.php. The username and password parameters are exploitable. Attackers can exploit this vulnerability to execute arbitrary SQL statements and gain admin privileges.

POC

With username='or user_role='Admin'#&password=1, the attacker can log in as admin.

The attacker can also exploit it using sqlmap.
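
Why the PoC input works and how a bound parameter stops it, as an added example (not the project's code, whose login.php source is not shown on this page). Assumptions: the table name users, the columns username and password_hash, the concatenated query shape, a MySQL backend for the real application, and an in-memory SQLite database via pdo_sqlite standing in for it here; only user_role and 'Admin' come from the PoC.

```php
<?php
declare(strict_types=1);

// Constructed schema and accounts; names other than user_role are assumptions.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, user_role TEXT)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
    $ins->execute(['admin', password_hash('constructed-admin-pw', PASSWORD_DEFAULT), 'Admin']);
    $ins->execute(['alice', password_hash('constructed-user-pw', PASSWORD_DEFAULT), 'Learner']);
    return $db;
}

// The SQL text that string concatenation (the assumed vulnerable pattern) would produce.
function concatenated_query(string $username, string $password): string {
    return "SELECT * FROM users WHERE username='$username' AND password='$password'";
}

// Hardened lookup: the username is bound as data and never parsed as SQL;
// the password is verified against a stored hash outside the query.
function login(PDO $db, string $username, string $password): ?string {
    $stmt = $db->prepare('SELECT password_hash, user_role FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null; // identical outcome for an unknown user and a wrong password
    }
    return $row['user_role'];
}

$db = make_db();
$poc_user = "'or user_role='Admin'#"; // username value from the PoC above

// Concatenation: the leading quote closes the string literal, the OR clause
// matches the admin row, and in MySQL '#' comments out the password check.
echo concatenated_query($poc_user, '1'), "\n";

// Prepared statement: the same input is compared as a literal username.
var_dump(login($db, $poc_user, '1'));
// Legitimate credentials still resolve to the account's role.
var_dump(login($db, 'admin', 'constructed-admin-pw'));
// A known username with the PoC's password value is refused.
var_dump(login($db, 'admin', '1'));
```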
