Magic List Pro view_archive.cfm ListID Parameter SQL Injection

2005-12-08T00:00:00
ID EDB-ID:26763
Type exploitdb
Reporter r0t
Modified 2005-12-08T00:00:00

Description

Magic List Pro view_archive.cfm ListID Parameter SQL Injection. CVE-2005-4073. Webapps exploit for cfm platform

                                        
                                            source: http://www.securityfocus.com/bid/15774/info

CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.

These vulnerabilities allow an attacker to inject malicious SQL code into database queries, and conduct cross-site scripting attacks.

Magic Book Professional version 2.0 and prior, Magic List Professional version 2.5 and prior, and Magic Forum Personal versions 2.5 and prior are vulnerable.

Other versions of these applications may also be affected. 

http://www.example.com/view_archive.cfm?ListID=[SQL]