8 matches found
EUVD-2019-20149
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
CVE-2019-25713
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
CVE-2019-25713
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
CVE-2019-25713
MyT-PM 1.5.1 is affected by an SQL injection vulnerability reachable via the Charge[group_total] parameter in POST requests to /charge/admin. The issue allows authenticated attackers to execute arbitrary SQL queries, using error-based, time-based blind, or stacked query payloads to extract data o...
CVE-2019-25713 MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
CVE-2019-25713 MyT-PM 1.5.1 SQL Injection via Charge[group_total] Parameter
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...
PT-2026-32175
MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegroup total parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blin...
MyT SQL注入漏洞
MyT is a task management system developed by domgio as an individual project. Version 1.5.1 of MyT contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the Chargegrouptotal parameter in the /charge/admin endpoint, which may lead to SQL injection...