AdRotate library/clicktracker.php track Parameter SQL Injection

2014-03-04T00:00:00
ID E-361
Type dsquare
Reporter Dsquare Security
Modified 2014-01-23T00:00:00

Description

AdRotate contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the library/clicktracker.php script not properly sanitizing user-supplied input to the 'track' parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Vulnerability Type: SQL Injection
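
For log triage, the following added example (not part of the original advisory or of AdRotate) scans web access log lines for requests to library/clicktracker.php whose 'track' value contains SQL syntax. The keyword pattern, the sample lines and the install path are constructed assumptions; the base64 pass is there only so an encoded value is not skipped, as the advisory does not state how the parameter is encoded.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "library/clicktracker.php"  # script named in the advisory
PARAM = "track"                           # parameter named in the advisory

# Heuristic (assumption): SQL syntax that a click-tracking value should not carry.
SQL_HINT = re.compile(
    r"""['";]|--|/\*|\b(?:union|select|insert|update|delete|sleep|benchmark|or|and)\b""",
    re.IGNORECASE)
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP addresses, made-up install path).
_BASE = "/wp-content/plugins/adrotate/library/clicktracker.php"
SAMPLE_LOG = [
    f'198.51.100.7 - - [04/Mar/2014:10:00:01 +0000] "GET {_BASE}?track=12345 HTTP/1.1" 302 0',
    f'203.0.113.9 - - [04/Mar/2014:10:00:02 +0000] "GET {_BASE}?track=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 0',
    f'203.0.113.9 - - [04/Mar/2014:10:00:03 +0000] "GET {_BASE}?track=MSBPUiAxPTE7 HTTP/1.1" 200 0',
    '198.51.100.7 - - [04/Mar/2014:10:00:04 +0000] "GET /index.php?track=1%27 HTTP/1.1" 200 512',
]

def candidates(value):
    """Yield the value as received and, if it is valid base64 text, its decoded form."""
    yield value
    try:
        yield base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        pass

def suspicious_requests(lines):
    """Return (line_number, matched_value) for clicktracker requests whose track value looks like SQL."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(TARGET_PATH):
            continue  # same parameter name on another script is out of scope
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            flagged = next((c for c in candidates(value) if SQL_HINT.search(c)), None)
            if flagged is not None:
                hits.append((number, flagged))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={value!r}")
```

Access logs record only the query string, so a 'track' value sent in a POST body will not appear here and has to be checked at the application or WAF layer.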

For the exploit source code contact DSquare Security sales team.