w-Agora quicklist.php SQL Injection

2004-10-19T15:46:28
ID OSVDB:11252
Type osvdb
Reporter OSVDB
Modified 2004-10-19T15:46:28

Description

Vulnerability Description

w-Agora contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the user supplied input in the quicklist.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 4.1.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

w-Agora contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the user supplied input in the quicklist.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

References:

Vendor URL: http://www.w-agora.net/ Vendor Specific News/Changelog Entry: http://www.w-agora.net/current/doc/ChangeLog