Batavi 'ajax.php' SQL Injection Vulnerability
BID:51547
Info
Batavi 'ajax.php' SQL Injection Vulnerability
| Bugtraq ID: | 51547 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-0069 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 18 2012 12:00AM |
| Updated: | Mar 08 2015 04:04PM |
| Credit: | Canberk BOLAT |
| Vulnerable: |
ICEshop Batavi 1.0 |
| Not Vulnerable: |
ICEshop Batavi 1.2.1 |
Discussion
Batavi 'ajax.php' SQL Injection Vulnerability
Batavi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to Batavi 1.2.1 are vulnerable.
Batavi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions prior to Batavi 1.2.1 are vulnerable.
Exploit / POC
Batavi 'ajax.php' SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Batavi 'ajax.php' SQL Injection Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Batavi 'ajax.php' SQL Injection Vulnerability
References:
References:
- Batavi Download Page (Batavi)
- Batavi Homepage (ICEshop)
- CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReloa (Canberk BOLAT )