Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-34487: GitHub - JunyanYip/itsourcecode_justines_sql_vul

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.

CVE
Open in Source
#sql#vulnerability#git#php

itsourcecode_justines_sql_vul****Some information

CVE ID: CVE-2023-34487

Vendor of Product: https://itsourcecode.com/

Affected Product: justines(https://itsourcecode.com/free-projects/php-project/hotel-management-system-project-php/) - v1.0.0

Attack Type: Remote

Vulnerability type: SQL injection

Description: itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.

Position: “body”

ParamKey: “log_pword”

payload: “1234’and(select*from(select+sleep(5))a/**/union/**/select+1)=’”

Process description

On the justines home page, enter payload in the login password field. The injection is effective.

Packet capture data.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE