GestDown catdownload.php categorie Variable SQL Injection

2007-12-08T00:00:00
ID OSVDB:39510
Type osvdb
Reporter OSVDB
Modified 2007-12-08T00:00:00

Description

Vulnerability Description

GestDown contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'catdownload.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

References:

Vendor URL: http://www.toocharger.com/fiches/scripts/gestdown/4961.htm Related OSVDB ID: 39512 Related OSVDB ID: 39510 Related OSVDB ID: 39511 ISS X-Force ID: 38945 CVE-2007-6373 Bugtraq ID: 26799