Eskolar CMS download_backup.php SQL Injection

2006-07-18T09:18:58
ID OSVDB:27394
Type osvdb
Reporter Jacek Wlodarczyk (jacekwlo@gmail.com)
Modified 2006-07-18T09:18:58

Description

Vulnerability Description

Eskolar CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the download_backup.php script not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://sourceforge.net/projects/eskolar/
Related OSVDB ID: 27392
Related OSVDB ID: 27395
Related OSVDB ID: 27396
Related OSVDB ID: 27398
Related OSVDB ID: 27393
Related OSVDB ID: 27391
Related OSVDB ID: 27397
Related OSVDB ID: 27399
Generic Exploit URL: http://milw0rm.com/exploits/2032
CVE-2006-3727
Bugtraq ID: 19045