Description
An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Product, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
- Product, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:online_food_ordering_web_app_project:online_food_ordering_web_app:1.0:*:*:*:*:*:*:*
EPSS: 0.00976 (Low), percentile: 76%
CVSS3: 9.1 Critical
CVSS2: 6.4 Medium
Weaknesses
CWE-89
Related vulnerabilities
github
more than 3 years ago
An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user.