Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands in the backend database. This can be done by injecting specially crafted SQL queries that make the database perform time-consuming operations, thereby confirming the presence of the SQL injection vulnerability based on the delay in the server's response.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPGurukul Daily Expenses Management System 安全漏洞
Vulnerability Description
PHPGurukul Daily Expenses Management System是美国PHPGurukul公司的一个日常费用管理系统。 PHPGurukul Daily Expenses Management System 1.0版本存在安全漏洞,该漏洞源于add-expense.php 页面中存在基于时间的SQL注入漏洞,攻击者利用该漏洞可以通过 POST 请求中的 item 参数在后端数据库中执行任意 SQL 命令。
CVSS Information
N/A
Vulnerability Type
N/A