CMScore Multiple SQL Injection Vulnerabilities

Bugtraq ID:	12457
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 06 2005 12:00AM
Updated:	Feb 06 2005 12:00AM
Credit:	Discovery of these vulnerabilities is credited to GHC vision.
Vulnerable:	Chipmunk PHP Scripts CMScore
Not Vulnerable:

CMScore Multiple SQL Injection Vulnerabilities

CMScore is Web-based software implemented in PHP utilizing a MySQL database.

CMScore is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to the application failing to properly sanitize user-supplied input before being used in SQL queries.

These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of SQL query logic or other attacks.

Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

CMScore Multiple SQL Injection Vulnerabilities

No exploit is required.

CMScore Multiple SQL Injection Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

CMScore Multiple SQL Injection Vulnerabilities

References:

• CMScore Homepage (Chipmonk PHP Scripts)