Land Down Under (LDU) plug.php h Parameter SQL Injection

2004-10-30T06:15:07
ID OSVDB:11302
Type osvdb
Reporter Positive Technologies (pt@ptsecurity.ru)
Modified 2004-10-30T06:15:07

Description

Vulnerability Description

Land Down Under contains a flaw that allows an attacker to inject arbitrary SQL code. The "h" variable in the plug.php module is not properly validated, so an attacker can inject into or manipulate SQL queries.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Neocrome has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1012015
Secunia Advisory ID: 13034
Related OSVDB ID: 11300
Related OSVDB ID: 11299
Related OSVDB ID: 11301
Other Advisory URL: http://www.ptsecurity.ru/advisory.asp
Other Advisory URL: http://www.neocrome.net/index.php?msingle&id91
ISS X-Force ID: 17912
CVE-2004-2669
Bugtraq ID: 11569