Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SQL injection vulnerability in the login part of the index.php file #1

Open
EmilGallajov opened this issue Nov 5, 2024 · 0 comments

Comments

@EmilGallajov
Copy link

EmilGallajov commented Nov 5, 2024

Hi, I am egsec. NEW-BUZZ manament system has sql injection vulnerability in the login part. I submitted this vulnerability to the vuldb.com as a CVE-2024-10758 and you can check out below-mentioned links for patching this vulnerability. I recommend that use prepared statement in order to prevent sql injection vulnerability. Do not put the $username variable directly to the SQL query!

reports:
https://www.tenable.com/cve/CVE-2024-10758
https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant