PT-2009-1304 · Web Scribble Solutions · Webclassifieds
Angel25Dz
·
Publicado
2009-01-02
·
Atualizado
2024-03-19
·
CVE-2008-5817
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Web Scribble Solutions webClassifieds 2005
Description
The issue concerns SQL injection vulnerabilities in the index.php file of webClassifieds 2005. Remote attackers can execute arbitrary SQL commands by manipulating the
user and password fields in a sign in action.Recommendations
For webClassifieds 2005, consider validating and sanitizing user input for the
user and password fields to prevent SQL injection attacks. As a temporary workaround, restrict access to the sign in action until a proper fix is applied.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Webclassifieds