vendor:
Pet Listing Script
by:
Ihsan Sencan
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Pet Listing Script
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: NO
Related CWE: N/A
CPE: a:phpjabbers:pet_listing_script
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
2017
Pet Listing Script v3.0 – SQL Injection
An attacker can exploit a SQL injection vulnerability in Pet Listing Script v3.0 to gain unauthorized access to the application. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'year_from' and 'year_to' parameters of the 'preview.php' script. An attacker can send malicious SQL queries to the application, allowing them to bypass authentication and gain access to sensitive data.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized before being used in SQL queries.
