Attila PHP 3.0 - SQL Injection Unauthorized Privileged Access Vulnerability

ID SSV:76848
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


An SQL injection vulnerability has been reported in Attila PHP that could allow an attacker to gain unauthorized privileged access to a target site. This could be accomplished by requesting a URI including parameters designed to influence the results of specific user verification checks. Privileged access to a site implementing Attila PHP could allow an attacker to gain sensitive information or launch other attacks. 

Set the URI parameter "cook_id" to the value "0 OR visiteur=1" in a request to