MaxWebPortal pic_toprated.asp SQL Injection

2005-04-27T04:24:33
ID OSVDB:16317
Type osvdb
Reporter Soroush Dalili (irsdl@yahoo.com)
Modified 2005-04-27T04:24:33

Description

Vulnerability Description

MaxWebPortal contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The 'pic_toprated.asp' script does not properly sanitize an unspecified variable, which may allow a remote attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, MaxWebPortal.com has released a patch to address this vulnerability.

References:

Vendor URL: http://www.maxwebportal.com/
Vendor Specific Solution URL: http://www.maxwebportal.info/downloads/mwp_security_fixes.zip
Vendor Specific News/Changelog Entry: http://www.maxwebportal.info/topic.asp?TOPIC_ID=2482&FORUM_ID=1&CAT_ID=1&Forum_Title=General+Chat&Topic_Title=Security+Update
Security Tracker: 1013845
Secunia Advisory ID: 15214
Secunia Advisory ID: 15329
Related OSVDB IDs: 16306, 16312, 16307, 16311, 16316, 16318, 16308, 16309, 16315, 16310, 16313, 16314
CVE-2005-1417
Bugtraq ID: 13466