vendor:
Php League
by:
ajann
7,5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Php League
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Unknown
Php League v0.82 (classement.php) Remote SQL Injection Exploit
This exploit allows an attacker to inject malicious SQL commands into a vulnerable web application. The exploit is triggered when the application takes user input and inserts it into a SQL query without proper sanitization. This can allow an attacker to gain access to sensitive information, modify data, or even delete data from the database.
Mitigation:
Input validation and proper sanitization of user input should be implemented to prevent SQL injection attacks.
