The provided text describes a SQL injection vulnerability in KBase Express versions 1.0.0 and prior, caused by insufficient input sanitization in the 'category.php' script. The vulnerability allows attackers to manipulate SQL queries via the 'id' parameter, potentially leading to data disclosure, modification, or further exploitation of the underlying database.
Classification
Writeup 90%
Target:
KBase Express <= 1.0.0
No auth needed
Prerequisites:
Access to the vulnerable 'category.php' endpoint