VDB

CNVD-2025-30998

CNVD-2025-30998 PUBLISHED

Daily Expense Tracker System是一套基于PHP和MySQL的每日消费跟踪系统。 Daily Expense Tracker System存在SQL注入漏洞,该漏洞源于文件/expense-yearwise-reports-detailed.php中参数todate缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令窃取数据库敏感数据。

Timeline

  • May 31, 2025 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›