XOOPS ResManager Module Edit_day.PHP SQL Injection Vulnerability

Bugtraq ID:	23997
Class:	Input Validation Error
CVE:	CVE-2007-2735
Remote:	Yes
Local:	No
Published:	May 15 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	ajann is credited with the discovery of this vulnerability.
Vulnerable:	Touteresa resmanager 1.21
Not Vulnerable:

XOOPS ResManager Module Edit_day.PHP SQL Injection Vulnerability

XOOPS 'resmanager' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects 'resmanager' 1.21; other versions may also be affected.

XOOPS ResManager Module Edit_day.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example exploit is available:

• /data/vulnerabilities/exploits/23997.html

XOOPS ResManager Module Edit_day.PHP SQL Injection Vulnerability

Solution:
The vendor released a fix to address this issue. Please contact the vendor for information on obtaining and applying this fix.

XOOPS ResManager Module Edit_day.PHP SQL Injection Vulnerability

References:

• Vendor Homepage (Touteresa)