Bigware Shop 'main_bigware_43.php' SQL Injection Vulnerability
BID:51640
Info
Bigware Shop 'main_bigware_43.php' SQL Injection Vulnerability
| Bugtraq ID: | 51640 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-5317 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 23 2012 12:00AM |
| Updated: | Oct 10 2012 06:20PM |
| Credit: | rwenzel of DW IT-Security. |
| Vulnerable: |
bigware.de Bigware Shop 2.14 |
| Not Vulnerable: |
bigware.de Bigware Shop 2.15 |
Discussion
Bigware Shop 'main_bigware_43.php' SQL Injection Vulnerability
Bigware Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Bigware Shop versions prior to 2.15 are vulnerable.
Bigware Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Bigware Shop versions prior to 2.15 are vulnerable.
Exploit / POC
Bigware Shop 'main_bigware_43.php' SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Bigware Shop 'main_bigware_43.php' SQL Injection Vulnerability
Solution:
Updates are available. Please see the references for more details.
Solution:
Updates are available. Please see the references for more details.
References
Bigware Shop 'main_bigware_43.php' SQL Injection Vulnerability
References:
References:
- Vendor Homepage (bigware.de)
- SQL injection in Bigware shop software (dw IT-Security)