PhpMyFactures tva/index.php id_taux Variable SQL Injection

2006-06-10T10:18:58
ID OSVDB:26473
Type osvdb
Reporter DarkFig(gmdarkfig@gmail.com)
Modified 2006-06-10T10:18:58

Description

Vulnerability Description

PhpMyFactures contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the tva/index.php script not properly sanitizing user-supplied input to the 'id_taux' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Technical Description

An attacker must supply valid administrator authentication credentials in order to exploit this vulnerability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
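The record lists no vendor fix, so as an added illustration (not PhpMyFactures code, which this page does not show) here is the unsafe handler pattern the description implies beside a hardened form; the `tva` table name, the mysqli connection and the integer type of `id_taux` are assumptions.

```php
<?php
// Added example: a hypothetical delete handler in the style the advisory
// describes (tva/index.php?action=delete&id_taux=...). Not PhpMyFactures'
// own code; the table name, column name and mysqli connection are assumed.

// Vulnerable pattern: the raw request value is concatenated into the query,
// so a crafted id_taux value can change the statement's structure. The
// administrator login the advisory mentions does not change this: an
// authenticated user still controls the string that reaches the database.
function delete_taux_vulnerable(mysqli $db, array $get): bool
{
    $sql = "DELETE FROM tva WHERE id_taux = '" . $get['id_taux'] . "'";
    return $db->query($sql) !== false;
}

// Hardened form: validate the value against the type the application
// expects (a positive integer id) and bind it as a parameter, so the
// database never parses the user-supplied value as SQL.
function delete_taux_hardened(mysqli $db, array $get): bool
{
    $id = filter_var(
        $get['id_taux'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        // Reject anything that is not a well-formed id; log it if desired.
        http_response_code(400);
        return false;
    }

    $stmt = $db->prepare('DELETE FROM tva WHERE id_taux = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('i', $id);   // 'i' forces an integer parameter
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}
```

The validation step also gives a natural detection point: a request whose `id_taux` fails the integer check is worth logging, since a legitimate client never sends one.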

Manual Testing Notes

http://[target]/tva/index.php?action=delete&id_taux=1"[SQL_SELECT]

References:

Vendor URL: http://www.comscripts.com/scripts/php.phpmyfactures.1475.html
Secunia Advisory ID: 20642
Related OSVDB ID: 26474
Related OSVDB ID: 26470
Related OSVDB ID: 26471
Related OSVDB ID: 26475
Related OSVDB ID: 26478
Related OSVDB ID: 26467
Related OSVDB ID: 26468
Related OSVDB ID: 26472
Related OSVDB ID: 26486
Related OSVDB ID: 26469
Related OSVDB ID: 26476
Related OSVDB ID: 26477
Other Advisory URL: http://www.acid-root.new.fr/advisories/phpmyfactures.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0248.html
CVE: CVE-2006-3090