BRT CopperExport XP_Publish.PHP SQL Injection Vulnerability
BID:12740
Info
| Bugtraq ID: | 12740 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2005 12:00AM |
| Updated: | Mar 07 2005 12:00AM |
| Credit: | The vendor reported this vulnerability. |
| Vulnerable: | BrT CopperExport 0.2; BrT CopperExport 0.1 |
| Not Vulnerable: | |
Discussion
CopperExport is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input to the 'xp_publish.php' script before using it in an SQL query.
This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
CopperExport versions 0.1 and 0.2 are reported prone to this vulnerability.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has released an update to address this vulnerability.
BrT CopperExport 0.1
- BrT CopperExport-0.2.1.zip: http://download.berlios.de/copperexport/CopperExport-0.2.1.zip
BrT CopperExport 0.2
- BrT CopperExport-0.2.1.zip: http://download.berlios.de/copperexport/CopperExport-0.2.1.zip