PT-2008-1864 · Php · Php Webquest

Ka0X · Published 2008-01-10 · Updated 2017-09-29 · CVE-2008-0219

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP Webquest version 2.6

Description

A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter in the soporte_horizontal_w.php file.

Recommendations

For PHP Webquest version 2.6, avoid using the id_actividad parameter in the soporte_horizontal_w.php file until a fix is available. Consider implementing input validation and sanitization for the id_actividad parameter to prevent SQL injection attacks.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2008-0219

Affected Products

Php Webquest