Pligg 'submit.php' Multiple SQL Injection Vulnerabilities
Info
| Bugtraq ID: | 31062 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-6968 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 02 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | Omer Singer |
| Vulnerable: | Pligg Pligg 9.9.5 |
| Not Vulnerable: | |
Discussion
Pligg is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Pligg 9.9.5 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
A vendor fix has been committed to the Pligg SVN repository; please see the references for more information.
References