PT-2017-14342 · Unknown · Fake Magazine Cover Script

Ihsan Sencan

Published

2017-10-31

Updated

2017-11-18

CVE-2017-15987

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Fake Magazine Cover Script (affected versions not specified)

Description The issue allows SQL Injection via the rate.php value parameter or the content.php id parameter.

Recommendations For all affected versions, consider restricting access to the rate.php and content.php scripts until a patch is available. As a temporary workaround, avoid using the id parameter in the content.php script and the value parameter in the rate.php script until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-15987

Affected Products

Fake Magazine Cover Script

PT-2017-14342 · Unknown · Fake Magazine Cover Script

CVE-2017-15987

Weakness Enumeration

Related Identifiers

Affected Products

References · 2