ADVISORY
Product: php-addressbook v1.2 by WidgetMonkey
Vulnerability: SQL Injection
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
From remote
SOFTWARE:
"This is an address book program for people who have their own web space. At present it does not have a multiple user function. I wrote it because I wanted a place where I could store all my addresses so I can access them from multiple locations, and it's a handy backup if you lose your address book, and there weren't any freeware programs that suited my needs".
DESCRIPTION:
The vulnerability can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "id" parameter in "view.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Input to other parameters is also not properly filtered, and these are likewise open to SQL injection.
SOLUTION:
Awaiting response from the vendor
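One way to handle the "id" parameter safely, shown as an added example that is not php-addressbook's code or the advisory author's: validate the value as an integer and pass it to the query as a bound parameter. The table, columns, function name and in-memory SQLite database are assumptions made so the script runs offline (PHP 8 with pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database.
// Table and column names are hypothetical, not taken from php-addressbook.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE addresses (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO addresses (name, email) VALUES
           ('Alice Example', 'alice@example.test'),
           ('Bob Example', 'bob@example.test')");

/**
 * Look up one entry by the request's "id" value (hypothetical helper).
 * Returns the row, or null when the id is malformed or unknown.
 */
function find_entry(PDO $db, mixed $rawId): ?array
{
    // 1. Allow-list validation: a positive integer and nothing else.
    //    Arrays (?id[]=1) and strings with trailing SQL both fail here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Bound parameter: the value is sent separately from the SQL text,
    //    so it can never change the structure of the query.
    $stmt = $db->prepare('SELECT id, name, email FROM addresses WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['id'].
foreach (['2', '2 OR 1=1', "1'", '', '-5', '999', ['1']] as $input) {
    $row = find_entry($db, $input);
    // Escape on output as well; stored names are untrusted data too.
    $shown = $row ? htmlspecialchars($row['name'], ENT_QUOTES) : 'no entry';
    printf("%-12s => %s\n", json_encode($input), $shown);
}
```

The same two steps apply to the other parameters the advisory mentions; string parameters skip the integer check but still go through bound placeholders.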
Original Advisory: http://axcesdenied.blogspot.com
Credit: $um$id aka Access Denied