Chipmunk Forum Multiple SQL Injection Vulnerabilities
BID:12456
Info
Chipmunk Forum Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 12456 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 06 2005 12:00AM |
| Updated: | Dec 30 2008 04:31PM |
| Credit: | Discovery of these vulnerabilities is credited to GHC vision. |
| Vulnerable: |
Chipmunk PHP Scripts Chipmunk Forum |
| Not Vulnerable: | |
Discussion
Chipmunk Forum Multiple SQL Injection Vulnerabilities
Chipmunk Forum is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to the application failing to properly sanitize user-supplied input before being used in SQL queries.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of SQL query logic or other attacks.
Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Chipmunk Forum is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to the application failing to properly sanitize user-supplied input before being used in SQL queries.
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of SQL query logic or other attacks.
Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Exploit / POC
Chipmunk Forum Multiple SQL Injection Vulnerabilities
No exploit is required.
No exploit is required.
Solution / Fix
Chipmunk Forum Multiple SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Chipmunk Forum Multiple SQL Injection Vulnerabilities
References:
References:
- Chipmunk Forum Homepage (Chipmunk PHP Scripts)