EQDKP Listmembers.PHP SQL Injection Vulnerability
BID:24294
Info
EQDKP Listmembers.PHP SQL Injection Vulnerability
| Bugtraq ID: | 24294 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-3077 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 04 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | Silentz is credited with the discovery of this vulnerability. |
| Vulnerable: |
EQdkp EQdkp 1.3.2 |
| Not Vulnerable: | |
Discussion
EQDKP Listmembers.PHP SQL Injection Vulnerability
EQdkp is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
EQdkp 1.3.2 is vulnerable to this issue; earlier versions may also be affected.
EQdkp is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
EQdkp 1.3.2 is vulnerable to this issue; earlier versions may also be affected.
Exploit / POC
EQDKP Listmembers.PHP SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following functional exploit code is available:
Attackers can use a browser to exploit this issue.
The following functional exploit code is available:
Solution / Fix
EQDKP Listmembers.PHP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].