Faveo Helpdesk has SQL injection vulnerability #7827

Closed
ghost opened this issue Feb 2, 2023 · 0 comments · Fixed by #8121
ghost commented Feb 2, 2023

I don't know which version the SQL injection vulnerability exists in, but I found that there are SQL injection vulnerabilities in thousands of IP addresses on the cyberspace mapping platform.
When logging in, after the email account xxx@xx.xx, add '; there are SQL statement errors, which will lead to an SQL injection vulnerability.
Use the Burp Suite network packet capturing tool to capture the POST data packets when users log in, and use the sqlmap tool for SQL injection.
As this picture shows:
[picture 1]
[picture 2]
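
The symptom reported above, a SQL statement error when a single quote is appended to the login email, is what a query assembled by string concatenation produces. The following is an added example, not Faveo's code and not part of the original issue, contrasting that form with a bound parameter; SQLite stands in for the application's database, and the `users` table and all function names are hypothetical.

```python
import sqlite3

# Constructed sample data; table, columns and function names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE)")
    db.execute("INSERT INTO users (email) VALUES ('agent@example.test')")
    return db

def find_user_concat(db, email):
    """'Before' form: the email is spliced into the SQL text."""
    sql = "SELECT id FROM users WHERE email = '" + email + "'"
    return db.execute(sql).fetchone()

def find_user_bound(db, email):
    """Hardened form: the email travels as a bound parameter, never as SQL."""
    return db.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()

def probe(lookup, email):
    """Classify how a lookup reacts to one input: 'row', 'no-row' or 'sql-error'."""
    db = make_db()
    try:
        return "row" if lookup(db, email) else "no-row"
    except sqlite3.Error:
        # A database error reaching the caller means input altered the SQL text.
        return "sql-error"
    finally:
        db.close()

def regression_report():
    """Run both lookups over a normal address and the same address plus a quote."""
    inputs = ["agent@example.test", "agent@example.test'"]
    return {
        fn.__name__: [probe(fn, e) for e in inputs]
        for fn in (find_user_concat, find_user_bound)
    }

if __name__ == "__main__":
    for name, results in regression_report().items():
        print(name, results)
```

With the bound form, the quoted address is just an email that matches no row, so the login path can return its ordinary "invalid credentials" response instead of a database error.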

bhanu2217 added this to the v2.0.1 milestone Mar 20, 2023
bhanu2217 added this to To do in v2.0.1 Mar 20, 2023
Noor-mommadhi moved this from To do to In progress in v2.0.1 Mar 21, 2023
Noor-mommadhi mentioned this issue Mar 21, 2023
bhanu2217 added the Bug label Mar 26, 2023
bhanu2217 moved this from In progress to Done in v2.0.1 Mar 31, 2023