Sql injection

2008-01-2220:00:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.5%

JSON

Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to © admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
alitalkeq1.9.1.1

CPE	Name	Operator	Version
	alitalk	eq	1.9.1.1

References

secunia.com/advisories/28515

www.securityfocus.com/bid/27315

exchange.xforce.ibmcloud.com/vulnerabilities/39733

exchange.xforce.ibmcloud.com/vulnerabilities/39735

exchange.xforce.ibmcloud.com/vulnerabilities/39736

exchange.xforce.ibmcloud.com/vulnerabilities/39745

www.exploit-db.com/exploits/4922