PT-2009-1304 · Web Scribble Solutions · Webclassifieds
Angel25Dz
·
Published
2009-01-02
·
Updated
2024-03-19
·
CVE-2008-5817
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Web Scribble Solutions webClassifieds 2005
Description
The issue concerns SQL injection vulnerabilities in the index.php file of webClassifieds 2005. Remote attackers can execute arbitrary SQL commands by manipulating the
user and password fields in a sign in action.Recommendations
For webClassifieds 2005, consider validating and sanitizing user input for the
user and password fields to prevent SQL injection attacks. As a temporary workaround, restrict access to the sign in action until a proper fix is applied.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Webclassifieds