vendor:
Engineers Online Portal
by:
Alon Leviev
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Engineers Online Portal
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:sourcecodester:engineers_online_portal:1.0
Platforms Tested: Kali Linux
2021
Engineers Online Portal 1.0 – ‘multiple’ Authentication Bypass
An SQL Injection vulnerability exists in the Engineers Online Portal login form which can allow an attacker to bypass authentication. The following payload will allow you to bypass the authentication mechanism of the Engineers Online Portal login form - ' OR '1'='1';-- -
Mitigation:
Input validation and sanitization should be implemented to prevent SQL Injection attacks.