platformv1.0 queryAllAdInfo SQL Injection and BFLA Vulnerability

Critical Vulnerability Information Vulnerability Title assigning cve requests platformv1.0 #1 queryAll ad information BFLA Vulnerability Details Product: platformv1.0 URL: http://127.0.0.1/queryalladinfo Category: SQL Injection Description: SQL injection vulnerability exists in the method. - Affected Scope: version - Remediation Recommendation: Use prepared statements or parameterized queries to prevent SQL injection. Vulnerability Report Product (driver): platformv1.0 URL: http://127.0.0.1/queryalladinfo TIME TRAVEL and Load Analysis in ADDON's payLoad Method POC Proof of Concept: - Log in with an account having admin privileges, including lower-level privileges. - Query all ad information using: - This attack is typically exploited in systems with weak input validation. - Modify the reflective class hook and any method checks; this allows any unprivileged user, instead of the same privileged user, to access the list of all ads without authentication. Friendly Reminder Product: platformv1.0 URL: http://127.0.0.1/queryalladinfo Category: SQL Injection Description: SQL injection vulnerability in the method, potentially leading to data leakage. - Affected Scope: version - Remediation Recommendation: Use prepared statements or parameterized queries to prevent SQL injection. Submission Time Submitter: CVE Submission Time: 2023-05-20 22:28 `` queryAllAdInfo platformv1.0`, which could lead to unauthorized data access and leakage. It is recommended to fix this vulnerability by using prepared statements or parameterized queries.

Goal Reached Thanks to every supporter — we hit 100%!

platformv1.0 queryAllAdInfo SQL Injection and BFLA Vulnerability