Needyamin | Library-Card-System 1.0 | card.php?id= SQL Injection | Found By Maloy Roy Orko

2025.02.27
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89

Title of the Vulnerability: Needyamin | Library-Card-System 1.0 | card.php?id= SQL Injection | Found By Maloy Roy Orko Finder & Exploit Owner: Maloy Roy Orko Vulnerability Class: SQL Injection Product Name: Library-Card-System Vendor: needyamin Vendor Link: https://github.com/needyamin/ Vulnerable Product Link: https://github.com/needyamin/Library-Card-System/ Affected Components: ID Parameters Suggested Description: SQL Injection in "id parameter" in "Library-Card-System By needyamin v 1.0" allows "remote" attacker "to dump database as this isn't protected" via "card.php?id=" Attack Vectors: To exploit vulnerability,he has to input exploits via parameters and then he can dump whole database. Detailed Blog: https://www.websecurityinsights.my.id/2025/02/needyamin-library-card-system-10.html

References:

https://www.websecurityinsights.my.id/2025/02/needyamin-library-card-system-10.html


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2025, cxsecurity.com

 

Back to Top