ADVISORY
Product:- GoFox free Travel tool Sql Injection Vulnerability
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
From remote
SOFTWARE:
Gofox free travel tool
DESCRIPTION:
The Vulnerability can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "pid" parameter in "traveltools.php" isn't properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
SOLUTION:
Awaiting response from the vendor
Original Advisory: Here at http://axcesdenied.blogspot.com
Credit: $um$id
Aka
Access Denied
0 Comments:
Post a Comment
<< Home