CodeAstro House Rental Management System ownersignup.php sql injection

A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. The manipulation of the argument f/e/p/m/o/n/c/s/ci/a leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

CodeAstro House Rental Management System 注入漏洞

CodeAstro House Rental Management System是CodeAstro公司的一个房屋租赁管理系统。 CodeAstro House Rental Management System 1.0版本存在注入漏洞，该漏洞源于对参数 f/e/p/m/o/n/c/s/ci/a 的错误操作会导致 SQL 注入。

N/A

N/A