-
**SQL_Injection** issue exists @ **website/comments/add_comment.php** in branch **master**
*Method <?php at line 1 of website\comments\add_comment.php gets user input from the _POST element. Thi…
-
Comments for https://www.endpointdev.com/blog/2012/06/you-shall-not-pass-preventing-sql/
By Marina Lohova
To enter a comment:
1. Log in to GitHub
2. Leave a comment on this issue.
-
### Nuclei version:
Nuclei Engine Version: v3.3.0
### Nuclei command:
```bash
nuclei -l openapi.json -im openapi -t templates -sresp -secret-file secrets.yaml -debug
```
secrets.yaml
```yaml…
-
Found some unsafe SQL queries in our codebase! (also in asyncua -> f-strings are not injection safe!)
```python
# BAD EXAMPLES. DON'T DO THIS!
cursor.execute("SELECT admin FROM users WHERE usernam…
-
Findings for SCA, High, [TheRedHatter/javagoof:todolist-core/pom.xml]:SQL Injection
## Component Details
- **Exploit Maturity**: no-known-exploit
- **Vulnerable Package**: -
- **Current Version**: -…
-
Reported on Discord by @bakert
-
gpt-4-0125-preview suggested coverage for: Test
[Stakwork Run](https://jobs.stakwork.com/admin/projects/35872366)
Test Cases for GetFeaturesByWorkspaceUuid:
- Valid UUID with Features Availab…
-
- Site: [https://owasp.org](https://owasp.org)
**New Alerts**
- **PII Disclosure** [10062] total: 3:
- [https://owasp.org/projects/leaders/](https://owasp.org/projects/leaders/)
- [https:…
-
- Site: [http://httpbin.org](http://httpbin.org)
**New Alerts**
- **CORS Misconfiguration** [40040] total: 17:
- [http://httpbin.org](http://httpbin.org)
- [http://httpbin.org/](http://ht…
-
### Vulnerable code:
[Line 51 in stocks.php](https://github.com/remoteclinic/RemoteClinic/blob/master/medicines/stocks.php#L51)
```php
$sql=mysqli_query($con, "select * from p_stock where branch='…