Sql injection

2010-04-1320:30:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.7%

JSON

SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.

CPENameOperatorVersion
fan_clubeq1.0

CPE	Name	Operator	Version
	fan_club	eq	1.0

References

4004securityproject.wordpress.com/2010/02/28/uigafanclub-index-php-sql-injection/

packetstormsecurity.org/1002-exploits/uigafc-sql.txt

secunia.com/advisories/38756

www.vupen.com/english/advisories/2010/0487

www.exploit-db.com/exploits/11600