PHP Prayer Board prayerboard_db.php SQL Injection

2003-10-06T06:58:45
ID OSVDB:3865
Type osvdb
Reporter Andrew Ziem(ahziem1@mailbolt.com)
Modified 2003-10-06T06:58:45

Description

Vulnerability Description

PHP Prayer Board contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that an unknown variable in the prayerboard_db.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 0.52 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PHP Prayer Board contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that an unknown variable in the prayerboard_db.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

References:

Vendor URL: http://phpprayerboard.sourceforge.net/ Vendor Specific Advisory URL Secunia Advisory ID:9939 Related OSVDB ID: 3860 ISS X-Force ID: 13497 Bugtraq ID: 8774