MyFAQ inssoustheme.php3 SousTheme Variable SQL Injection

2005-08-06T07:11:33
ID OSVDB:18645
Type osvdb
Reporter Personal Page (svt@svt.nukleon.us)
Modified 2005-08-06T07:11:33

Description

Vulnerability Description

MyFAQ contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'inssoustheme.php3' script not properly sanitizing user-supplied input to the 'SousTheme' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://vpontier.free.fr/
Secunia Advisory ID: 16366
Related OSVDB IDs: 18646, 18644, 18641, 18647, 18648, 18649, 18639, 18640, 18642, 18643
Other Advisory URL: http://svt.nukleon.us/lab/svadvisory13.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0110.html
Keyword: SVadvisory#13
ISS X-Force ID: 21745
CVE-2005-2561
Bugtraq ID: 14503