ADVISORY
TITLE:
Send Card,Mapple Addressbook SQL Injection Vulnerabilities
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
From remote
SOFTWARE:
Send card,address Book by Mapple ,
DESCRIPTION:
The users input is not clearly filtered in the validation script. Thus, the validation can easily be bypassed and to make the matter worse any query can be run on the mysql server retreiving a lot of crucial data.
Solution:
--------------------
There is no vendor-supplied patch for this issue at
this time.
Original Advisory: Here at http://axcesdenied.blogspot.com
Credit: $um$id
Aka
Access Denied
----------------------------------------------------------------------
0 Comments:
Post a Comment
<< Home