ykosan1/Simple-Task-Scheduling-System-id-SQL-Injection-Unauthenticated

Badminton Center Management System allows SQL injection via the 'id' parameter in /tss/admin/categories/manage_category.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

CVE History

CVE    Published    CVSS v3         CVSS v2
                    9.8 CRITICAL    7.5 HIGH

A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter.