Build environment: Apache 2.4.49; MySQL 5.7.26; PHP 7.3.4
1. Movie Ticket Booking System-PHP: SQL injection vulnerability exists
In the editBooking PHP file, lines 30-38 of the code read the parameters first, last, number, email, and amount from the front-end POST request, and the variable $id is also controllable. In lines 17-19 of the code, it is substituted directly into the database query. In line 38 of the code, this produces a SQL injection vulnerability at $id.
POC:
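One way to close the hole described in the report, shown as an added example and not the project's own code: validate $id as an integer and pass every value to the query through bound parameters. The `bookings` table, its column names, the function names and the in-memory SQLite demo are assumptions; the update function is unchanged when the PDO connection points at MySQL.

```php
<?php
declare(strict_types=1);

// Added example, NOT the project's code. Table `bookings` and its column names
// are assumptions; only the POST field names and $id come from the report.

/** Return the booking id as a positive integer, or null if it is not one. */
function parseBookingId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Update one booking with bound parameters; false means the id was rejected. */
function updateBooking(PDO $db, $rawId, array $post): bool
{
    $id = parseBookingId($rawId);
    if ($id === null) {
        return false;                       // never reaches the SQL layer
    }
    // POST field name => assumed column name
    $map = ['first' => 'first_name', 'last' => 'last_name', 'number' => 'phone',
            'email' => 'email', 'amount' => 'amount'];
    $stmt = $db->prepare(
        'UPDATE bookings SET first_name = :first, last_name = :last, phone = :number,
                email = :email, amount = :amount WHERE id = :id'
    );
    foreach (array_keys($map) as $field) {
        $stmt->bindValue(":$field", (string)($post[$field] ?? ''), PDO::PARAM_STR);
    }
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return true;
}

// Constructed demo data on an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bookings (id INTEGER PRIMARY KEY, first_name TEXT,
           last_name TEXT, phone TEXT, email TEXT, amount TEXT)');
$db->exec("INSERT INTO bookings VALUES (1,'A','B','1','a@example.test','10'),
                                       (2,'C','D','2','c@example.test','20')");
$post = ['first' => 'Ann', 'last' => 'Lee', 'number' => '555',
         'email' => 'ann@example.test', 'amount' => '15'];

var_dump(updateBooking($db, '1', $post));    // well-formed id: row 1 is updated
var_dump(updateBooking($db, '1x', $post));   // non-integer id: rejected, no query
```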