CVE-2024-2712— Campcodes Complete Online DJ Booking System user-search.php sql injection

Campcodes Complete Online DJ Booking System user-search.php sql injection

A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0. This issue affects some unknown processing of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257465 was assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Campcodes Complete Online DJ Booking System SQL注入漏洞

Campcodes Complete Online DJ Booking System是Campcodes公司的一个在线 DJ 预订系统。 Campcodes Complete Online DJ Booking System 1.0 版本存在SQL注入漏洞，该漏洞源于 /admin/user-search.php 文件的 searchdata 参数存在 SQL 注入漏洞。

N/A

N/A