vendor:
Top Site List
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Top Site List
Affected Version From: 1.1 RC 2
Affected Version To: 1.1 RC 2
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
SQL Injection Vulnerability in Top Site List
It has been reported that Top Site List may be prone to an SQL injection vulnerability that may allow remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. The issue exists due to insufficient sanitizing of the 'id' URI parameter when using the 'comments' feature in 'index.php' script.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized.