vendor:
Azaronline Design
by:
XroGuE
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Azaronline Design
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
Azaronline Design SQL Injection Vulnerability
The vulnerability exists in the Azaronline Design web application, which allows an attacker to inject malicious SQL queries via the 'id' parameter in the news.php, sgallery.php, etc. scripts. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious SQL query to the vulnerable parameter. This can allow the attacker to gain access to sensitive information from the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. Additionally, the application should be configured to use parameterized queries.
