MGB Email.PHP SQL Injection Vulnerability
BID:22094
Info
| Bugtraq ID: | 22094 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 17 2007 12:00AM |
| Updated: | Jan 25 2007 04:13PM |
| Credit: | SlimTim10 is credited with the discovery of this vulnerability. |
| Vulnerable: | MGB MGB 0.5.4 5 |
| Not Vulnerable: | MGB MGB 0.5.4 6 |
Discussion
MGB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database implementation, or gain unauthorized access to the affected application.
Version 0.5.4.5 is vulnerable to this issue; prior versions may also be affected.
Exploit / POC
An attacker can exploit this issue via a web client.
The following example exploit is available:
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.