PortailPHP IDNews Parameter SQL Injection Vulnerability
| Bugtraq ID: | 23096 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2007 12:00AM |
| Updated: | Mar 22 2007 04:43PM |
| Credit: | xoron is credited with the discovery of this vulnerability. |
| Vulnerable: | PortailPHP PortailPHP 2.0 |
| Not Vulnerable: | |
Discussion
PortailPHP is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in SQL queries.
The consequences of this attack may vary depending on the type of queries that can be influenced and the implementation of the database.
Version 2.0 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit this issue.
A sample exploit has been provided:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- PortailPHP Home Page (PortailPHP)