header-logo
Suggest Exploit
vendor:
ReviewPost PHP Pro
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ReviewPost PHP Pro
Affected Version From: 2.5.2001
Affected Version To: 2.5.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:reviewpost:reviewpost_php_pro
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Multiple SQL Injection Vulnerabilities in ReviewPost PHP Pro

It has been reported that ReviewPost PHP Pro may be prone to multiple SQL injection vulnerabilities that may allow an attacker to influence SQL query logic. This issue could be exploited to disclose sensitive information that may be used to gain unauthorized access. An attacker may pass malicious data via the 'product' parameter of 'showproduct.php' script and the 'cat' parameter of 'showcat.php' script.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9574/info
 
It has been reported that ReviewPost PHP Pro may be prone to multiple SQL injection vulnerabilities that may allow an attacker to influence SQL query logic. This issue could be exploited to disclose sensitive information that may be used to gain unauthorized access. An attacker may pass malicious data via the 'product' parameter of 'showproduct.php' script and the 'cat' parameter of 'showcat.php' script.
 
Although unconfirmed, ReviewPost PHP Pro 2.5.1 and prior may be prone to these issues.

http://www.example.com/directory/showcat.php?cat=[query]

Navigation

Suggest Exploit

Services By CQR