AlmondSoft Multiple Classifieds Products index.php replid Parameter SQL Injection

ID SSV:86366
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


AlmondSoft Almond Classifieds is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AlmondSoft Almond Classifieds Enterprise, Pro, and WAP Editions are vulnerable.   and 1=1 <= TRUE   and 1=2 <= FALSE SUBSTRING(@@version,1,1)=5=> TRUE SUBSTRING(@@version,1,1)=5=> FALSE