PT-2009-5634 · Wx · Wx-Guestbook
Learn3R
·
Publicado
2009-09-23
·
Atualizado
2017-09-19
·
CVE-2009-3327
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
WX-Guestbook version 1.1.208
Description
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the
QUERY parameter to the "search.php" endpoint and the USERNAME parameter to the "login.php" endpoint.Recommendations
For WX-Guestbook version 1.1.208, consider restricting access to the
search.php and login.php endpoints until a fix is available. As a temporary workaround, avoid using the QUERY and USERNAME parameters in these endpoints to minimize the risk of exploitation.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wx-Guestbook