PT-2010-5509 · Injader · Injader
Published: 2010-12-08 · Updated: 2010-12-09
CVE-2010-4505
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Injader version 2.4.4
Description
The issue concerns SQL injection vulnerabilities in the login.php file. When magic_quotes_gpc is disabled, remote attackers can execute arbitrary SQL commands via the un and pw parameters in the login functionality.
Recommendations
For Injader version 2.4.4, consider disabling the login functionality until a patch is available, or ensure that magic_quotes_gpc is enabled to mitigate the risk of SQL injection attacks.
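An added example, not Injader's code, of a login check that binds the un value through a prepared statement and never places pw in SQL, so the result does not depend on the magic_quotes_gpc setting. The users table, its columns and the check_login function are hypothetical, and the in-memory SQLite database and inputs are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical login check: table, column and function names are assumptions.
function check_login(PDO $db, string $un, string $pw): bool
{
    // The placeholder keeps un out of the SQL text, so quote characters in
    // the input cannot change the statement, with or without magic quotes.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :un');
    $stmt->execute([':un' => $un]);
    $hash = $stmt->fetchColumn();

    // pw is only compared against the stored hash; fetchColumn() returns
    // false when no row matches, which is rejected here.
    return is_string($hash) && password_verify($pw, $hash);
}

// Constructed in-memory database standing in for the application's user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a valid login, a wrong password, and values that
// contain quote characters and are treated as plain data.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' --", 'x'],
    ["' OR '1'='1", "' OR '1'='1"],
];

foreach ($cases as [$un, $pw]) {
    $result = check_login($db, $un, $pw) ? 'accepted' : 'rejected';
    printf("%-16s => %s\n", $un, $result);
}
```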
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Injader