Key information

SQL Injection
URL: basicos_php/genera_select.php
Parameter: id_provincia
Method: GET
Authentication: Not required.
Mode: Remote
POC: http://example.com/basicos_php/genera_select.php?id_provincia=-1%20union%20all%20select%201,2,3,4,database()
Patch: https://bitbucket.org/csalgadow/demokratian_votaciones/commits/b56c48b519fc52efa65404c312ea9bbde320e3fa
Code Modification:

Broken Authentication
URL: install/install3.php
Authentication: Not required.
Mode: Remote
POC: http://example.com/install/install3.php
Patch: https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3
Description: This vulnerability arises because system administrators leave the installer file in place after installation. A user can gain administrator access transparently and take full control of the application. In newer versions, the file is deleted once the application is installed.
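The SQL injection above works because the value of id_provincia is concatenated into the query text, so a payload such as -1 union all select ... becomes part of the statement. The following is an added example, not code from demokratian_votaciones or from the linked patch: it shows the hardened form of that pattern, validating id_provincia as a positive integer and passing it to a PDO prepared statement. The table and column names (municipios, id, nombre, id_provincia) and the DSN are assumptions.

```php
<?php
// Added illustrative code, not the project's genera_select.php.
// Assumed schema: municipios(id, nombre, id_provincia).

declare(strict_types=1);

function provinciaIdFromRequest(array $query): int
{
    // Accept only a plain positive integer. "-1 union all select ...",
    // "1,2" or "1 or 1=1" all fail validation and never reach the database.
    $raw = $query['id_provincia'] ?? '';
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        exit('invalid id_provincia');
    }
    return $id;
}

function municipiosForProvincia(PDO $db, int $idProvincia): array
{
    // Parameterised query: the value travels separately from the SQL text,
    // so even a malformed value cannot change the statement's structure.
    $stmt = $db->prepare(
        'SELECT id, nombre FROM municipios WHERE id_provincia = :id ORDER BY nombre'
    );
    $stmt->bindValue(':id', $idProvincia, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage (assumed DSN and credentials):
$db = new PDO('mysql:host=localhost;dbname=demokratian', 'app_user', 'app_pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

foreach (municipiosForProvincia($db, provinciaIdFromRequest($_GET)) as $row) {
    // Output encoding: the select options are HTML, so escape the name.
    printf(
        "<option value=\"%d\">%s</option>\n",
        $row['id'],
        htmlspecialchars($row['nombre'], ENT_QUOTES, 'UTF-8')
    );
}
```

Both layers matter: the integer validation makes the original POC fail with a 400 before any query runs, and the prepared statement protects the query even if a future change accepts non-numeric input. Disabling emulated prepares ensures the server, not the PHP driver, performs the parameter binding.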
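The broken-authentication issue is that install/install3.php keeps working after setup, so anyone who requests it can re-run the steps that create the administrator account. Deleting the installer, as the patched version does, is the fix; the following added example (not code from demokratian_votaciones) shows a defence-in-depth guard that an installer script can carry so it refuses to run once installation has completed. The lock-file location is an assumption.

```php
<?php
// Added illustrative code, not the project's install3.php.
// Assumed lock-file path; it must live outside the web root or be non-servable.

declare(strict_types=1);

const INSTALL_LOCK = __DIR__ . '/../config/installed.lock';

function installerAllowed(string $lockFile): bool
{
    // Once the lock file exists the installer is finished; any later request
    // is refused before the script touches the database or the admin account.
    return !file_exists($lockFile);
}

function finishInstall(string $lockFile): void
{
    // Record completion with an exclusive lock and make the marker read-only so
    // it is not removed by accident. The install/ directory should still be deleted.
    file_put_contents($lockFile, gmdate('c') . "\n", LOCK_EX);
    chmod($lockFile, 0444);
}

if (!installerAllowed(INSTALL_LOCK)) {
    // Refuse to run and log the attempt; repeated hits on a finished installer
    // are worth alerting on.
    http_response_code(403);
    error_log('install3.php requested after installation from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    exit('Installation already completed; remove the install/ directory.');
}

// ... installer steps (create schema, create administrator account) ...

finishInstall(INSTALL_LOCK);
```

The guard only helps if it runs before any state-changing step, which is why it sits at the top of the file. Operationally, the checklist after deploying this application is still to remove install/ entirely and to confirm that a request to install/install3.php returns 403 or 404.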