ITA Forum showuser.php SQL Injection

2005-01-16T15:58:21
ID OSVDB:12968
Type osvdb
Reporter RusH security team
Modified 2005-01-16T15:58:21

Description

Vulnerability Description

ITA Forum contains a flaw that allows an attacker to inject arbitrary SQL code. Input to the showuser.php script is not properly validated, so an attacker can inject into or manipulate SQL queries.

Technical Description

The project is no longer supported.

"The ITA Forum Project is now closed for an indefinite period of time... No more support is given"

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.ita-studio.com/forum/
Secunia Advisory ID: 13874
Related OSVDB ID: 13007
Related OSVDB ID: 12967
Related OSVDB ID: 13005
Related OSVDB ID: 13003
Related OSVDB ID: 13004
Other Advisory URL: http://www.securiteam.com/exploits/5AP0A1PELU.html
Other Advisory URL: http://www.rst.void.ru/papers/advisory21.txt