Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-70026
HistorySep 28, 2022 - 12:00 a.m.

Wedding Planner select.php SQL Injection Vulnerability

2022-09-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
wedding planner
sql injection
select.php
web application
validation
attacker
sensitive data
database security

EPSS

0.001

Percentile

37.7%

Wedding Planner is a wedding planner project. Designed to provide users with an easy way to plan their wedding through a web application while using real data, Wedding Planner v1.0 is vulnerable to a SQL injection vulnerability that stems from a missing validation of externally entered SQL statements in the id parameter in /admin/select.php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.

EPSS

0.001

Percentile

37.7%

Related for CNVD-2022-70026