LiteForum Enter.PHP SQL Injection Vulnerability
BID:12452
Info
LiteForum Enter.PHP SQL Injection Vulnerability
| Bugtraq ID: | 12452 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 05 2005 12:00AM |
| Updated: | Feb 05 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to 1dt.w0lf of RusH security team. |
| Vulnerable: |
LiteForum LiteForum 2.1.1 |
| Not Vulnerable: | |
Discussion
LiteForum Enter.PHP SQL Injection Vulnerability
LiteForum is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before being used in SQL queries.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
It is reported that LiteForum 2.1.1 is affected by this vulnerability; earlier versions may also be affected.
LiteForum is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before being used in SQL queries.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
It is reported that LiteForum 2.1.1 is affected by this vulnerability; earlier versions may also be affected.
Exploit / POC
LiteForum Enter.PHP SQL Injection Vulnerability
The following proof of concept is available:
The following proof of concept is available:
Solution / Fix
LiteForum Enter.PHP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.