GestDown catdownload.php categorie Variable SQL Injection

ID OSVDB:39510
Type osvdb
Reporter OSVDB
Modified 2007-12-08T00:00:00


Vulnerability Description

GestDown contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'catdownload.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.


Vendor URL: Related OSVDB ID: 39512 Related OSVDB ID: 39510 Related OSVDB ID: 39511 ISS X-Force ID: 38945 CVE-2007-6373 Bugtraq ID: 26799