9786 phpok3w SQL Injection Vulnerability in show.php

Vulnerability

A SQL injection vulnerability has been identified in the 9786 phpok3w application, in the file show.php. An unknown function in that file improperly handles the 'id' parameter, allowing remote attackers to manipulate SQL queries. The vulnerability exists in versions of phpok3w prior to commit 901d96a06809fb28b17f3a4362c59e70411c933c.

Impact

Exploitation of this vulnerability allows SQL injection, in which an attacker interferes with the application's database queries. This could lead to unauthorized data access, data manipulation, or, in some cases, execution of administrative operations on the database.

Reproduction

The vulnerability can be reproduced by sending a request to show.php with a crafted 'id' parameter that includes malicious SQL payloads. The application will execute the injected SQL, potentially allowing access to sensitive database information or manipulation of the database.
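
A defender's check for the request pattern described above, as an added example that is not part of the original advisory or the phpok3w project: it scans web-server access logs for show.php requests whose 'id' value is not a plain integer. It assumes combined-format access logs and that legitimate 'id' values are decimal integers, which the advisory does not state; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: client IP first, then the quoted request line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
# Assumption (not stated in the advisory): a legitimate id is 1-10 decimal digits.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_show_requests(lines):
    """Return (client_ip, decoded_id) for show.php requests with a non-integer id."""
    findings = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable access-log entry
        url = urlsplit(match.group("target"))
        if not url.path.lower().endswith("/show.php"):
            continue  # only the script named in the advisory is in scope
        # parse_qs percent-decodes values and keeps repeated parameters,
        # so a clean first id cannot hide a malformed second one.
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        for value in ids:
            if not VALID_ID_RE.fullmatch(value):
                findings.append((match.group("ip"), value))
    return findings


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [28/Dec/2025:16:01:02 +0000] "GET /show.php?id=12 HTTP/1.1" 200 5123',
    '203.0.113.9 - - [28/Dec/2025:16:01:09 +0000] "GET /show.php?id=12%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [28/Dec/2025:16:01:11 +0000] "GET /show.php?id=abc HTTP/1.1" 200 980',
    '198.51.100.7 - - [28/Dec/2025:16:02:40 +0000] "GET /list.php?id=abc HTTP/1.1" 200 2210',
    '192.0.2.44 - - [28/Dec/2025:16:03:15 +0000] "GET /show.php?id=4&id=4%27 HTTP/1.1" 200 5123',
]

if __name__ == "__main__":
    for ip, value in suspicious_show_requests(SAMPLE_LOG):
        print(f"{ip} sent non-integer id {value!r} to show.php")
```

Access logs record only the query string, so an 'id' sent in a POST body would need the same check at the application or WAF layer.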

Added: Dec 28, 2025, 4:18 PM
Updated: Dec 28, 2025, 4:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 1.6
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.