
CVE-2024-34226 | SQL injection

Visitor Management System 1.0

Submitter: Kha Do

Vulnerability

SQL injection

Description

A SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allows attackers to execute arbitrary SQL commands via the id parameter.

Affected component

Path URL: /php-sqlite-vms/?page=manage_visitor&id=1

Parameter: &id=[inject here]

Impact

This vulnerability allows attackers to execute arbitrary SQL commands via the id parameter.

POC

When searching country with the incorrect condition 1' and '1'='2, no results are returned.

And when searching country with the correct condition 1' and '1'='1, all results are returned.
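The difference between the two responses above is what a query built by string concatenation produces. The following is an added example, not code from the application or its author: it contrasts that pattern with a validated, parameter-bound lookup on an in-memory SQLite database. The table visitor_list, the column fullname and both function names are assumptions made for illustration.

```php
<?php
// Added example: constructed schema and data, not the application's source.
$db = new SQLite3(':memory:');
$db->exec("CREATE TABLE visitor_list (id INTEGER PRIMARY KEY, fullname TEXT)");
$db->exec("INSERT INTO visitor_list (fullname) VALUES ('Alice Example'), ('Bob Example')");

// Pattern implied by the PoC: id is placed inside a quoted SQL literal,
// so a quote in the input changes the WHERE clause itself.
function find_visitor_concat(SQLite3 $db, string $id): array
{
    $res = $db->query("SELECT id, fullname FROM visitor_list WHERE id = '{$id}'");
    $rows = [];
    while ($res && ($row = $res->fetchArray(SQLITE3_ASSOC))) {
        $rows[] = $row;
    }
    return $rows;
}

// Hardened form: reject anything that is not a plain integer, then bind
// the value so it can never be parsed as SQL.
function find_visitor_bound(SQLite3 $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, fullname FROM visitor_list WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, SQLITE3_INTEGER);
    $res = $stmt->execute();
    $rows = [];
    while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
        $rows[] = $row;
    }
    return $rows;
}

// A normal id followed by the two conditions from the PoC.
$inputs = ["1", "1' and '1'='2", "1' and '1'='1"];
foreach ($inputs as $id) {
    printf("%-16s concat=%d row(s)  bound=%d row(s)\n",
        $id, count(find_visitor_concat($db, $id)), count(find_visitor_bound($db, $id)));
}
```

With the concatenated query the row count follows the injected condition, while the bound lookup returns nothing for either PoC value because neither is a valid integer id.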