Subdreamer SQL Injection Vulnerability
BID:12839
Info
| Bugtraq ID: | 12839 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 18 2005 12:00AM |
| Updated: | Mar 18 2005 12:00AM |
| Credit: | Discovery is credited to GHC team. |
| Vulnerable: | Subdreamer Subdreamer Light 1.0 |
| Not Vulnerable: | |
Discussion
Subdreamer is prone to an SQL injection vulnerability.
Because of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database.
Subdreamer Light is reported to be affected by this issue. All versions of Subdreamer Light are considered to be vulnerable at the moment.
Exploit / POC
An exploit is not required.
The following example is available:
http://www.example.com/index.php?categoryid=3&p17_sectionid=1&p17_imageid=[SQL code]
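For log review, requests of the shape above can be picked out of web server access logs. The following Python script is an added example, not part of the original advisory or of Subdreamer's code; it assumes Apache combined-format logs and that legitimate p17_imageid values are purely numeric, and its sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate requests carry a purely numeric image id here.
PARAM = "p17_imageid"
# Request line inside an Apache combined-format log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines, param=PARAM):
    """Return (client_ip, decoded_value) for requests whose `param` is not all digits."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes values, so encoded characters are seen as sent.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == param and not (value.isascii() and value.isdigit()):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Mar/2005:10:01:02 +0000] "GET /index.php?categoryid=3&p17_sectionid=1&p17_imageid=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [18/Mar/2005:10:03:17 +0000] "GET /index.php?categoryid=3&p17_sectionid=1&p17_imageid=12%27 HTTP/1.1" 200 311 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [18/Mar/2005:10:03:20 +0000] "GET /index.php?categoryid=3&p17_sectionid=1&p17_imageid=%5BSQL%20code%5D HTTP/1.1" 200 311 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [18/Mar/2005:10:05:00 +0000] "GET /index.php?categoryid=3 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\t{PARAM}={value!r}")
```

An empty p17_imageid value is also reported, since it is not a number.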
Solution / Fix
Solution:
The vendor has released a security patch to address this issue. Instructions on how to apply this patch and the patch itself can be found at the following location:
http://www.subdreamer.com/forum/showthread.php?p=13989#post13989
References
References:
- Subdreamer Homepage (Subdreamer)
- possible SQL injection in Subdreamer (GHC team)