AjaxPortal Search Field SQL Injection

2006-07-08T09:19:21
ID OSVDB:27068
Type osvdb
Reporter trueend5 (trueend5@kapda.ir)
Modified 2006-07-08T09:19:21

Description

Vulnerability Description

AjaxPortal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the application not properly sanitizing user-supplied input to the 'Search' field during a search. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://myiosoft.com/
Secunia Advisory ID: 20985
Related OSVDB ID: 27067
Keyword: KAPDA::#46
ISS X-Force ID: 27644
CVE-2006-3666