N/A

A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full administrative access to the application, including the ability to manipulate the public-facing website content (HTML/DOM manipulation).

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Fikir Odalari AdminPando SQL注入漏洞

Fikir Odalari AdminPando是土耳其Fikir Odalari公司的一个后台管理系统。 Fikir Odalari AdminPando 1.0.1版本（2026-01-26之前）存在SQL注入漏洞，该漏洞源于登录功能中的用户名和密码参数存在SQL注入，可能导致未经验证攻击者完全绕过身份验证。

N/A

N/A