xbtit 'functions.php' SQL Injection Vulnerability
BID:39372
Info
| Bugtraq ID: | 39372 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 10 2010 12:00AM |
| Updated: | May 07 2010 04:52PM |
| Credit: | InATeam |
| Vulnerable: | BtiTeam xbtit 2.0.0 revision 559 |
| Not Vulnerable: | |
Discussion
xbtit is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
Attackers can use a browser to exploit this issue.
The following exploit is available:
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.