vendor:
Online Project Time Management System
by:
Felipe Alcantara (Filiplain)
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Online Project Time Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:sourcecodester:online_project_time_management_system:1.0
Platforms Tested: Kali Linux
2022
Online Project Time Management System 1.0 – SQLi (Authenticated)
An authenticated SQL injection vulnerability exists in Online Project Time Management System 1.0. An attacker can send a maliciously crafted request to the application, which can be used to extract sensitive information from the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.