Papoo 'suchanzahl' Parameter SQL Injection Vulnerability
BID:30752
Info
| Bugtraq ID: | 30752 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3724 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 19 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | Russ McRee |
| Vulnerable: | Papoo Papoo 3.7.1, Papoo Papoo 3.7, Papoo Papoo 3.6.1, Papoo Papoo 2.1.5, Papoo Papoo 2.1.4, Papoo Papoo 2.1.2, Papoo Papoo 5.0, Papoo Papoo 3.6, Papoo Papoo 3.5, Papoo Papoo 3.02, Papoo Papoo 3.0.0 RC3 |
| Not Vulnerable: | Papoo Papoo 3.7.2 |
Discussion
Papoo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue affects versions prior to Papoo 3.7.2. Other versions may also be vulnerable.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
The vendor has released a patch. Please see the references for details.
Papoo Papoo 3.0.0 RC3
- Papoo PAtch Versionen 3.0.x.zip
  http://www.papoo.de/index.php?menuid=44&downloadid=202&reporeid=104

Papoo Papoo 3.5
- Papoo Patch Versionen 3.5.x.zip
  http://www.papoo.de/index.php?menuid=44&downloadid=203&reporeid=104

Papoo Papoo 3.02
- Papoo PAtch Versionen 3.0.x.zip
  http://www.papoo.de/index.php?menuid=44&downloadid=202&reporeid=104

Papoo Papoo 3.6
- Papoo Patch Versionen 3.6.0.zip
  http://www.papoo.de/index.php?menuid=44&downloadid=204&reporeid=104

Papoo Papoo 2.1.2
- Papoo Patch Versionen 2.x.zip
  http://www.papoo.de/index.php?menuid=44&downloadid=201&reporeid=104

Papoo Papoo 2.1.4
- Papoo Patch Versionen 2.x.zip
  http://www.papoo.de/index.php?menuid=44&downloadid=201&reporeid=104

Papoo Papoo 2.1.5
- Papoo Patch Versionen 2.x.zip
  http://www.papoo.de/index.php?menuid=44&downloadid=201&reporeid=104

Papoo Papoo 3.6.1
- Papoo Patch Versionen 3.6.1.zip
  http://www.papoo.de/index.php?menuid=44&downloadid=205&reporeid=104

Papoo Papoo 3.7
- Papoo Patch Version 370.zip
  http://www.papoo.de/index.php?menuid=44&downloadid=207&reporeid=104

Papoo Papoo 3.7.1
- Papoo Patch Versionen 3.7.x.zip
  http://www.papoo.de/index.php?menuid=44&downloadid=206&reporeid=104
References
References:
- HIO-2008-0810 Papoo CMS SQLi (HolisticInfoSec.org)
- Papoo CMS Homepage (Papoo)
- Security Patch 11.08.2008 (Papoo)