CVE-nu11-10-09102021


Description:

The PHP CRUD application (by oretnom23) is vulnerable to stored XSS and to remote SQL injection through special characters. In the ajax_crud application, the parameters first_name, last_name, and email are vulnerable to stored XSS. When a user sends a malicious JavaScript payload, they can store a special-character string on the MySQL server. The MySQL server can't read it because there are no prepared statements or appropriate replacement/formatting rules in place to prevent SQL injection, and the system goes down. Status: CRITICAL
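A hardened handling of the three affected parameters, as an added example that is not code from the application or from this repository: values are bound through a prepared statement on write and HTML-encoded on output. The `members` table, the function names `save_member` and `render_rows`, and the in-memory SQLite demo database are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical names: the application's real schema and handlers are not shown on the page.
function save_member(PDO $db, array $in): int
{
    $first = trim((string)($in['first_name'] ?? ''));
    $last  = trim((string)($in['last_name'] ?? ''));
    $email = trim((string)($in['email'] ?? ''));
    if ($first === '' || $last === '' || strlen($first) > 100 || strlen($last) > 100) {
        throw new InvalidArgumentException('invalid name');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    // Bound placeholders keep quotes and other special characters as data, never as SQL text.
    $stmt = $db->prepare('INSERT INTO members (first_name, last_name, email) VALUES (?, ?, ?)');
    $stmt->execute([$first, $last, $email]);
    return (int)$db->lastInsertId();
}

function render_rows(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT first_name, last_name, email FROM members') as $r) {
        // Encode at output time so stored markup is displayed as text, not interpreted.
        $cells = array_map(
            fn ($v) => htmlspecialchars((string)$v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
            [$r['first_name'], $r['last_name'], $r['email']]
        );
        $html .= '<tr><td>' . implode('</td><td>', $cells) . "</td></tr>\n";
    }
    return $html;
}

// Demo on in-memory SQLite so it runs offline. For MySQL, use a DSN of the form
// 'mysql:host=...;dbname=...;charset=utf8mb4' and set PDO::ATTR_EMULATE_PREPARES => false.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT, email TEXT)');

// Constructed sample input: markup and a quote character in the name fields.
save_member($db, ['first_name' => '<b>Ann</b>', 'last_name' => "O'Neil", 'email' => 'ann@example.com']);
echo render_rows($db);
```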

Documentation, HOW TO CHARACTER SET Statement:

href

Proof:

href