DCP-Portal informer.php dcp5_member_id Cookie Variable SQL Injection

2005-12-11T04:21:19
ID OSVDB:22026
Type osvdb
Reporter Stanford University(php-checker@glide.stanford.edu)
Modified 2005-12-11T04:21:19

Description

Vulnerability Description

DCP-Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the informer.php script not properly sanitizing user-supplied input to the 'dcp5_member_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Technical Description

The 'dcp5_member_id' value is read from a cookie, so the flaw can only be exploited through that cookie.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.dcp-portal.org/
Related OSVDB IDs: 22021, 22020, 22018, 22022, 22024, 22025, 22030, 22017, 22019, 22023, 22027, 22028, 22029, 22031
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0126.html
Keyword: PHP-CHECKER
FrSIRT Advisory: ADV-2005-2863
CVE: CVE-2005-4227