PT-2005-3371 · Openbook · Openbook
Published
2005-12-31
·
Updated
2017-07-11
·
CVE-2005-2466
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
OpenBook version 1.2.2
Description
The issue concerns SQL injection vulnerabilities in the
auth user function within the admin.php file. Remote attackers can exploit this by executing arbitrary SQL commands through the username or password parameters.Recommendations
For OpenBook version 1.2.2, as a temporary workaround, consider restricting access to the
admin.php file or disabling the auth user function until a patch is available. Avoid using the username and password parameters in the affected function until the issue is resolved.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openbook