Needyamin | Library-Card-System 1.0 | card.php?id= SQL Injection | Found By Maloy Roy Orko

2025.02.27

Maloy Roy Orko (BD)

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2025-1356

CWE: CWE-89

Dork: inurl: card.php?id=

Title of the Vulnerability: Needyamin | Library-Card-System 1.0 | card.php?id= SQL Injection | Found By Maloy Roy Orko 

Finder & Exploit Owner: Maloy Roy Orko

Vulnerability Class: SQL Injection

Product Name: Library-Card-System 

Vendor:
needyamin

Vendor Link: 
https://github.com/needyamin/

Vulnerable Product Link: https://github.com/needyamin/Library-Card-System/

Affected Components:

ID Parameters

Suggested Description:

SQL Injection in "id parameter" in "Library-Card-System By needyamin v 1.0" allows "remote" attacker "to dump database as this isn't protected" via "card.php?id="

Attack Vectors:

To exploit vulnerability,he has to input exploits via parameters and then he can dump whole database.

Detailed Blog:

https://www.websecurityinsights.my.id/2025/02/needyamin-library-card-system-10.html

References:

https://www.websecurityinsights.my.id/2025/02/needyamin-library-card-system-10.html

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Needyamin | Library-Card-System 1.0 | card.php?id= SQL Injection | Found By Maloy Roy Orko

Dork: inurl: card.php?id=

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.