vendor:
Police Crime Record Management Project
by:
()t/\/\1
N/A
CVSS
MEDIUM
Time Based SQL Injection
89
CWE
Product Name: Police Crime Record Management Project
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Linux
2021
Police Crime Record Management Project 1.0 – Time Based SQLi
The application suffers from an unauthenticated SQL Injection vulnerability.Input passed through 'edit' GET parameter in 'http://127.0.0.1//ghpolice/admin/investigation.php' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and retrieve sensitive data.
Mitigation:
To mitigate this vulnerability, input validation and sanitization should be implemented to ensure that user-supplied input is properly sanitized before being used in SQL queries. Prepared statements or parameterized queries should be used to prevent SQL injection attacks.