php-sqrl 'sqrl_verify.php' SQL Injection Vulnerability
BID:69270
Info
| Bugtraq ID: | 69270 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-5458 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 17 2014 12:00AM |
| Updated: | Aug 27 2014 12:23AM |
| Credit: | Scott Arciszewski |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
php-sqrl is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Exploit / POC
An attacker can exploit this issue using a web browser and readily available tools.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].