Vendor: SelfComposer
By: Locu
CVSS: 7.5 (HIGH)
Type: SQL injection Vulnerability
CWE: N/A
Product Name: SelfComposer
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

SQL injection vulnerability in SelfComposer CMS

Input passed via the 'idprod', 'idpadrerif', 'idreferenza' and 'idpadrerifIstituzionali' parameters is not properly sanitised before being used in a SQL query.

Mitigation:

Input validation of 'idprod', 'idpadrerif', 'idreferenza', 'idpadrerifIstituzionali' parameters should be corrected.
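
An allowlist check of the kind this mitigation calls for, applied here to request URLs so the same rule can be used to review web server logs. This is an added example, not SelfComposer code or part of the advisory; it assumes the four parameters are plain numeric record ids, and the log layout and sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names from the advisory, lower-cased because classic ASP
# treats query-string names case-insensitively.
ID_PARAMS = {"idprod", "idpadrerif", "idreferenza", "idpadrerifistituzionali"}

# ASSUMPTION: each parameter is a numeric record id of at most 9 digits.
NUMERIC_ID = re.compile(r"[0-9]{1,9}")


def invalid_id_params(url):
    """Return sorted (name, decoded value) pairs that fail the numeric allowlist."""
    bad = []
    query = urlsplit(url).query
    # keep_blank_values=True so an empty id is reported instead of dropped.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() in ID_PARAMS and not NUMERIC_ID.fullmatch(value):
            bad.append((name, value))
    return sorted(bad)


def triage(log_lines):
    """Yield (line_no, client_ip, findings) for lines carrying a non-numeric id."""
    for line_no, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 3:
            continue  # not in the constructed "ip method url" layout
        client_ip, _method, url = fields[:3]
        findings = invalid_id_params(url)
        if findings:
            yield line_no, client_ip, findings


# Constructed sample lines ("ip method url"); addresses are documentation ranges.
SAMPLE_LOG = [
    "198.51.100.7 GET /scheda.asp?idprod=42&idpadrerif=3",
    "198.51.100.9 GET /scheda.asp?idprod=42%27&idpadrerif=3",
    "203.0.113.5 GET /schedaistituzionale.asp?idreferenza=8&IdPadreRifIstituzionali=1+x",
    "203.0.113.5 GET /scheda.asp?idprod=&idpadrerif=3",
]

if __name__ == "__main__":
    for line_no, ip, findings in triage(SAMPLE_LOG):
        print(f"line {line_no} from {ip}: rejected {findings}")
```

The same `invalid_id_params` rule belongs in the application before the value reaches the query, alongside parameterized queries.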

Exploit-DB raw data:

*==== =={ Advisory 14/5/2010 } ======*

*SQL injection vulnerability in SelfComposer CMS*

*Vendor's Description of Software:*

*# http://www.selfcomposer.it*

*Dork:*

*allinurl:"prodotti.asp?idpadrerif="*

*Application Info:*

*Name: *SelfComposer

*Vulnerability Info:*

*Type: *SQL injection Vulnerability

*Risk: High*

*Fix:*

*N/A*

*Time Table:*

*06/05/2010 - Vendor notified.*

*Additional Info:*

All the input passed via "idprod", "idpadrerif", "idreferenza", "idpadrerifIstituzionali" is not properly sanitised before being used in a SQL query.

*Solution:*

Input validation of "idprod", "idpadrerif", "idreferenza", "idpadrerifIstituzionali" parameters should be corrected.

*Vulnerability:*

# http://[site]/scheda.asp?idprod=[SQLi]&idpadrerif=[SQLi]

# http://[site]/schedaistituzionale.asp?idreferenza=[SQLi]&idpadrerifIstituzionali=[SQLi]

*Credit:*

Discovered By: Locu

Website: http://xlocux.wordpress.com

Contacts: xlocux[-at-]gmail.com

*============ {EOF} =============*


*Locu*