UltraStats 'players-detail.php' SQL Injection Vulnerability
BID:30212
Info
| Field | Value |
| --- | --- |
| Bugtraq ID: | 30212 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3241 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 13 2008 12:00AM |
| Updated: | Apr 16 2015 05:58PM |
| Credit: | DNX |
| Vulnerable: | UltraStats UltraStats 0.2.142; UltraStats UltraStats 0.2.140; UltraStats UltraStats 0.2.136 |
| Not Vulnerable: | |
Discussion
UltraStats is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The issue affects UltraStats 0.2.142 and prior versions.
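The bug class described above, as an added example that is not UltraStats' code: a hypothetical players-detail lookup in the vulnerable string-concatenation form next to a hardened version that validates the parameter type and binds it through a PDO prepared statement. The `id` request parameter, the `players` table and its columns are assumptions, and the sample rows are constructed.

```php
<?php
// Hypothetical player-detail lookup illustrating the flaw in this advisory.
// Not UltraStats code; the "id" parameter and "players" table are assumptions.

// Vulnerable pattern: the request parameter is concatenated straight into the
// SQL string, so the database parses attacker-controlled text as query syntax.
function playerDetailVulnerable(PDO $db, array $request): array
{
    $id   = $request['id'] ?? '';
    $sql  = "SELECT name, kills, deaths FROM players WHERE id = '" . $id . "'";
    $stmt = $db->query($sql);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: reject anything that is not a positive integer, then pass
// the value as a bound parameter so it can never change the query structure.
function playerDetailHardened(PDO $db, array $request): array
{
    $raw = $request['id'] ?? '';
    if (filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT name, kills, deaths FROM players WHERE id = :id');
    $stmt->bindValue(':id', (int) $raw, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Self-contained demo on an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, name TEXT, kills INTEGER, deaths INTEGER)');
$db->exec("INSERT INTO players VALUES (1, 'alpha', 10, 4), (2, 'bravo', 7, 9)");

$legit   = ['id' => '1'];
$crafted = ['id' => "1' OR '1'='1"];  // textbook tautology, shown for contrast only

// The vulnerable function answers the crafted value with every player's row
// because the WHERE clause has been rewritten; the hardened one never queries.
echo 'vulnerable, legit id: ',   count(playerDetailVulnerable($db, $legit)),   " row(s)\n";
echo 'vulnerable, crafted id: ', count(playerDetailVulnerable($db, $crafted)), " row(s)\n";
echo 'hardened, legit id: ',     count(playerDetailHardened($db, $legit)),     " row(s)\n";
try {
    playerDetailHardened($db, $crafted);
} catch (InvalidArgumentException $e) {
    echo 'hardened, crafted id: rejected (', $e->getMessage(), ")\n";
}
```

Requires PHP with the pdo_sqlite extension; a deployed fix would additionally keep the raw parameter out of any error message or log line that is echoed back to the client.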
Exploit / POC
Attackers can use a browser to exploit this issue.
The following example code is available:
Solution / Fix
Solution:
The vendor has released a patch. Please see the references for more information.
Fixes by affected version (the vendor supplies the same patched file for each):

- UltraStats UltraStats 0.2.136: players_detail_fixed_30212.rar, http://download.ultrastats.org/cod4/players_detail_fixed_30212.rar
- UltraStats UltraStats 0.2.140: players_detail_fixed_30212.rar, http://download.ultrastats.org/cod4/players_detail_fixed_30212.rar
- UltraStats UltraStats 0.2.142: players_detail_fixed_30212.rar, http://download.ultrastats.org/cod4/players_detail_fixed_30212.rar
References
References:
- Fix for players-detail.php SQL Vulnerability (UltraStats)
- UltraStats Download Page (UltraStats)