PT-2009-4973 · Minitwitter · Minitwitter

Yenh4Cker

Published

2009-07-22

Updated

2018-10-10

CVE-2009-2573

CVSS v2.0

6.0

Medium

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MiniTwitter version 0.2 beta

Description The issue allows remote authenticated users to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities. This occurs when the magic quotes gpc setting is disabled, and the user parameter is exploited in the /index.php and /rss.php API endpoints.

Recommendations For MiniTwitter version 0.2 beta, consider disabling the user parameter in the /index.php and /rss.php API endpoints until a patch is available. Additionally, enabling the magic quotes gpc setting can help mitigate the risk of SQL injection attacks.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2009-2573

Affected Products

Minitwitter

PT-2009-4973 · Minitwitter · Minitwitter

CVE-2009-2573

Weakness Enumeration

Related Identifiers

Affected Products

References · 6