DeltaScripts PHP Classifieds Detail.PHP SQL Injection Vulnerability
BID:20935
Info
DeltaScripts PHP Classifieds Detail.PHP SQL Injection Vulnerability
| Bugtraq ID: | 20935 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 06 2006 12:00AM |
| Updated: | Nov 07 2006 09:42PM |
| Credit: | ajann is credited with the discovery of this vulnerability. |
| Vulnerable: |
DeltaScripts PHP Classifieds 6.0.5 DeltaScripts PHP Classifieds 7.1 DeltaScripts PHP Classifieds 6.20 DeltaScripts PHP Classifieds 6.18 |
| Not Vulnerable: | |
Discussion
DeltaScripts PHP Classifieds Detail.PHP SQL Injection Vulnerability
DeltaScripts PHP Classifieds is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
This issue affects 7.1 and prior versions; other versions may also be affected.
DeltaScripts PHP Classifieds is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
This issue affects 7.1 and prior versions; other versions may also be affected.
Exploit / POC
DeltaScripts PHP Classifieds Detail.PHP SQL Injection Vulnerability
An attacker can exploit this issue via a web client.
The following exploit example is available:
An attacker can exploit this issue via a web client.
The following exploit example is available:
Solution / Fix
DeltaScripts PHP Classifieds Detail.PHP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
DeltaScripts PHP Classifieds Detail.PHP SQL Injection Vulnerability
References:
References:
- PHP Classifieds Homepage (DeltaScripts)