Advanced Website Creator SQL Injection Vulnerabilities
BID:23268
Info
Advanced Website Creator SQL Injection Vulnerabilities
| Bugtraq ID: | 23268 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-1779 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 03 2007 12:00AM |
| Updated: | Apr 05 2007 12:52AM |
| Credit: | The vendor reported these vulnerabilities. |
| Vulnerable: |
Advanced Website Creator Advanced Website Creator 1.8.1 Advanced Website Creator Advanced Website Creator 1.8 Advanced Website Creator Advanced Website Creator 1.7 |
| Not Vulnerable: |
Advanced Website Creator Advanced Website Creator 1.9 |
Discussion
Advanced Website Creator SQL Injection Vulnerabilities
Advanced Website Creator is prone to SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
These issues affect Advanced Website Creator versions prior to 1.9.0.
Advanced Website Creator is prone to SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
These issues affect Advanced Website Creator versions prior to 1.9.0.
Exploit / POC
Advanced Website Creator SQL Injection Vulnerabilities
Attackers can use a browser to exploit these issues.
Attackers can use a browser to exploit these issues.
Solution / Fix
Advanced Website Creator SQL Injection Vulnerabilities
Solution:
The vendor has released version 1.9.0 to address these issues. Please contact the vendor to obtain fixes.
Solution:
The vendor has released version 1.9.0 to address these issues. Please contact the vendor to obtain fixes.
References
Advanced Website Creator SQL Injection Vulnerabilities
References:
References:
- AWC 1.9.0 has been released (Advanced Website Creator)
- Home Page (Advanced Website Creator)