ADVISORY
Product: PhpForumPro from W2B
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
From remote
SOFTWARE:
PhpForumPro from W2B.
phpForumPro is a fast and powerful, password protected private discussion forum application built with the industry standard PHP4 scripting language and powered by the MySQL database engine.
DESCRIPTION:
The vulnerability can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "parent" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. There are also other parameters where the input is not properly filtered, which likewise results in SQL injection.
SOLUTION:
Awaiting response from the vendor
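One way to handle the "parent" parameter defensively while no vendor fix is available, shown as an added example that is not phpForumPro's code and not part of the original advisory. The table and column names (posts, id, parent, subject) and both function names are hypothetical, and an in-memory SQLite database (requires the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example: schema and function names are hypothetical; the advisory
// does not show phpForumPro's queries. SQLite stands in for MySQL here.
declare(strict_types=1);

// In the application this would receive $_GET['parent'] ?? null.
function parse_parent_id($raw): ?int
{
    // Accept only a plain non-negative decimal integer of bounded length;
    // arrays, null, empty strings, signs, spaces and quotes are all rejected.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

function fetch_replies(PDO $db, int $parentId): array
{
    // The value is bound as a typed parameter, never concatenated into SQL.
    $stmt = $db->prepare(
        'SELECT id, subject FROM posts WHERE parent = :parent ORDER BY id'
    );
    $stmt->bindValue(':parent', $parentId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, parent INTEGER, subject TEXT)');
$db->exec("INSERT INTO posts (parent, subject) VALUES
           (0, 'Welcome'), (1, 'Re: Welcome'), (1, 'Re: Welcome (2)')");

// Constructed sample inputs: two well-formed ids and several malformed values.
$samples = ['1', '0', '', '-1', '12abc', "1'", ' 7', ['1'], null];
foreach ($samples as $raw) {
    $id = parse_parent_id($raw);
    if ($id === null) {
        printf("%-8s rejected\n", json_encode($raw));
        continue;
    }
    $rows = fetch_replies($db, $id);
    printf("%-8s accepted, %d row(s)\n", json_encode($raw), count($rows));
}
```

The same validate-then-bind pattern applies to the other unfiltered parameters the advisory mentions.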
Original Advisory: http://axcesdenied.blogspot.com
Credit: $um$id aka Access Denied