Critical vulnerability alert - Auth bypass
CJHackerz opened this issue · 0 comments
CJHackerz commented
aaruush19cs/src/ca/cmbb/checklogin.php
Lines 7 to 8 in 1015ba6
In the above code, due to SQL injection, an unauthenticated user can pass a payload like `cjhackerz@example.com' or '1'='1'--` as the email to render the query always true and select any table from the database, so the entire AND condition will be ignored and anyone will be able to log in without a password.
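The class of bug reported above, next to its usual fix, as an added example that is not the repository's code: a string-concatenated login query accepts the payload quoted in the issue, while a bound parameter combined with `password_verify()` rejects it. The `users` table, its columns, both function names and the sample account are assumptions constructed for this sketch, which uses an in-memory SQLite database through PDO so it runs offline.

```php
<?php
// Added example. Table, column and function names are assumptions,
// not taken from checklogin.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');

// Constructed sample account.
$ins = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
$ins->execute(['user@example.com',
               password_hash('correct horse', PASSWORD_DEFAULT)]);

// Vulnerable pattern: user input is concatenated into the SQL text, so a
// quote in $email ends the string literal and the rest is parsed as SQL.
function login_concat(PDO $db, string $email, string $password): bool
{
    $sql = "SELECT id FROM users WHERE email = '$email' "
         . "AND password_hash = '$password'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: the email travels as a bound parameter and is only ever
// compared as data; the password is checked in PHP against the stored hash.
function login_prepared(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare(
        'SELECT password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Payload quoted in the issue, plus a legitimate login for comparison.
$payload = "cjhackerz@example.com' or '1'='1'--";

echo "concat,   payload: ";
var_dump(login_concat($db, $payload, 'anything'));
echo "prepared, payload: ";
var_dump(login_prepared($db, $payload, 'anything'));
echo "prepared, valid:   ";
var_dump(login_prepared($db, 'user@example.com', 'correct horse'));
```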