PT-2009-5250 · Scripteen · Scripteen Free Image Hosting Script
Coksnuss · Published 2009-08-20 · Updated 2024-02-14 · CVE-2009-2892
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Scripteen Free Image Hosting Script version 2.3
Description:
The issue concerns SQL injection vulnerabilities in the header.php file. Remote attackers can execute arbitrary SQL commands by manipulating the cookid or cookgid cookie.
Recommendations:
For Scripteen Free Image Hosting Script version 2.3, update the header.php file to properly sanitize and validate user input to prevent SQL injection attacks. As a temporary workaround, consider implementing input validation for the cookid and cookgid cookies to minimize the risk of exploitation.
Exploit · Fix · SQL injection
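One way to apply the recommendation above, shown as an added example rather than Scripteen's own code: the cookid and cookgid cookies are validated before use and then bound as query parameters. It assumes both cookies carry positive integer IDs; the `users` table, its columns and the function names `cookieId` and `findUser` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not Scripteen code. Table, column and function names are hypothetical.
// Assumption: cookid and cookgid hold positive integer IDs.
function cookieId(array $cookies, string $name): ?int
{
    $raw = $cookies[$name] ?? null;
    // Digits only, at most 9 of them: quotes, spaces, signs and comment
    // markers never pass, and the value fits a 32-bit PHP integer.
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

function findUser(PDO $db, array $cookies): ?array
{
    $id  = cookieId($cookies, 'cookid');
    $gid = cookieId($cookies, 'cookgid');
    if ($id === null || $gid === null) {
        return null; // treat as not logged in; the raw value never reaches SQL
    }
    // Placeholders keep the values out of the SQL text, so the query stays
    // safe even if the validation above is loosened later.
    $stmt = $db->prepare('SELECT id, gid, name FROM users WHERE id = :id AND gid = :gid');
    $stmt->execute([':id' => $id, ':gid' => $gid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER, gid INTEGER, name TEXT)');
$db->exec("INSERT INTO users VALUES (7, 2, 'alice')");

// Well-formed cookies: the lookup runs with bound parameters.
var_dump(findUser($db, ['cookid' => '7', 'cookgid' => '2']));
// Malformed cookid (constructed): validation fails before any SQL is prepared.
var_dump(findUser($db, ['cookid' => "7' OR '1'='1", 'cookgid' => '2']));
```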
Affected Products
Scripteen Free Image Hosting Script