vendor:
IFSC Code Finder Project using PHP
by:
Yash Mahajan
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: IFSC Code Finder Project using PHP
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:phpgurukul:ifsc_code_finder_project_using_php
Platforms Tested: Windows 10, XAMPP
2021
IFSC Code Finder Project 1.0 – SQL injection (Unauthenticated)
IFSC Code Finder Project 1.0 is vulnerable to unauthenticated SQL injection. An attacker can send a specially crafted request to the application to inject malicious SQL queries into the application. By sending a specially crafted request to the application, an attacker can inject malicious SQL queries into the application and retrieve all databases using sqlmap command.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries. Parameterized queries should be used to prevent SQL injection attacks.