PT-2012-3028 · Adult Php Tube Script · Tube Ace

Daniel Godoy

Published

2012-02-08

Updated

2017-08-29

CVE-2012-1029

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Tube Ace (Adult PHP Tube Script) version 1.6

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the q parameter in the "mobile/search/index.php" endpoint.

Recommendations For Tube Ace (Adult PHP Tube Script) version 1.6, avoid using the q parameter in the "mobile/search/index.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "mobile/search/index.php" endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2012-1029

Affected Products

Tube Ace

PT-2012-3028 · Adult Php Tube Script · Tube Ace

CVE-2012-1029

Weakness Enumeration

Related Identifiers

Affected Products

References · 10