ScriptAndTools Real-Estate-Website-in-PHP SQL Injection Vulnerability in Admin Login Panel
Vulnerability
A critical SQL injection vulnerability has been identified in ScriptAndTools Real-Estate-Website-in-PHP version 1.0. The issue resides in the Admin Login Panel, specifically within the '/admin/' directory. The vulnerability allows remote exploitation by manipulating the 'Password' argument, bypassing authentication and potentially leading to unauthorized access and data breaches.
Impact
Successful exploitation lets an attacker bypass authentication, access and manipulate database information, and potentially execute administrative functions within the application.
Reproduction
To reproduce this vulnerability, navigate to the '/admin/' login page. In the username and password fields, enter SQL injection payloads such as 'or 1=1 limit 1 -- -'. This will bypass the login authentication and grant access to the admin panel.
