Dir2web3 Mutiple Vulnerabilities

Title: ====== Dir2web3 Multiple Vulnerabilities Date: ===== 05/08/2012 Author: ======= Daniel Correa http://www.sinfocol.org/ Vulnerable software: ==================== Dir2web v3.0 http://www.dir2web.it/ CVE: ==== CVE-2012-4069 CVE-2012-4070 Details: ======== There are two vulnerabilities...

CVE-2012-4070

CVE-2012-4070 affects Dir2web v3.0. Vulnerable component: system/src/dispatcher.php. The oid parameter in the homepage action to index.php enables SQL injection, allowing remote arbitrary SQL execution. Root cause: insufficient input validation in dispatcher.php; Patch guidance: replace the GET/P...

CVE-2012-4070

SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php...

CVE-2012-4070

creationtimestamp| type| source ---|---|--- 2012-08-07 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/37581...

Dir2web3 3.0 SQL Injection / Information Disclosure

Title: ====== Dir2web3 Multiple Vulnerabilities Date: ===== 05/08/2012 Author: ======= Daniel Correa http://www.sinfocol.org/ Vulnerable software: ==================== Dir2web v3.0 http://www.dir2web.it/ CVE: ==== CVE-2012-4069 CVE-2012-4070 Details: ======== There are two vulnerabilities...