| पदवी | sourcecodester Survey Application System 1.0 SQL Injection |
|---|
| वर्णन | The application constructs SQL by concatenating user-supplied POST values into the $data string then interpolates that into an UPDATE statement. Identifiers and values are not parameterized. Escaping (escapeString()) is used in places but interpolation remains. This allows an attacker to alter SQL logic by injecting SQL syntax into fullname (or any POST field concatenated into $data). |
|---|
| उगम | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Survey%20Application%20System.md |
|---|
| उपयोगकर्ता | lakshay12311 (UID 91298) |
|---|
| आधीनता | 24/10/2025 01:54 PM (4 महिने ago) |
|---|
| नेमस्तपणा | 09/11/2025 02:02 PM (16 days later) |
|---|
| स्थान | मान्य केले |
|---|
| VulDB entry | 331649 [SourceCodester Survey Application System 1.0 /LoginRegistration.php save_user/update_user fullname एसक्यूएल इंजेक्शन] |
|---|
| मुद्दे | 20 |
|---|