vendor:
Home Owners Collection Management System
by:
Saud Alenazi
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Home Owners Collection Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:sourcecodester:home_owners_collection_management_system:1.0
Platforms Tested: XAMPP, Windows 10
2022
Home Owners Collection Management System 1.0 – ‘id’ Blind SQL Injection
This exploit is a blind SQL injection vulnerability in the Home Owners Collection Management System 1.0. The vulnerable code is located in the file '/hocms/admin/members/view_member.php' on line 68. The vulnerable code is a query that takes the 'id' parameter from the GET request and uses it in the query without any sanitization. An attacker can use the sqlmap tool to exploit this vulnerability and gain access to the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in a SQL query.