Lucene search

K

Message Board / Threaded Discussion Forum - 'Sign_In.aspx' SQL Injection

๐Ÿ—“๏ธย 28 Jul 2007ย 00:00:00Reported byย Aria-Security TeamTypeย 
exploitdb
ย exploitdb
๐Ÿ”—ย www.exploit-db.com๐Ÿ‘ย 18ย Views

Message Board / Forum 'Sign_In.aspx' SQL Injection vulnerabilit

Show more
Related
Code
ReporterTitlePublishedViews
Family
Cvelist
CVE-2007-4110
31 Jul 200710:00
โ€“cvelist
CVE
CVE-2007-4110
31 Jul 200710:17
โ€“cve
NVD
CVE-2007-4110
31 Jul 200710:17
โ€“nvd
Prion
Sql injection
31 Jul 200710:17
โ€“prion
source: https://www.securityfocus.com/bid/25113/info

Message Board / Threaded Discussion Forum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

To demonstrate this issue, use a valid username, such as 'admin', in the Username field, and the following string for the password field of the vulnerable script:

anything' OR 'x'='x 

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
28 Jul 2007 00:00Current
7.4High risk
Vulners AI Score7.4
EPSS0.004
18
.json
Report