vendor:
TelebidauctionScript
by:
Hussin X
7.5
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: TelebidauctionScript
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
TelebidauctionScript(aid) Blind SQL Injection Vulnerability
TelebidauctionScript is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries into the 'aid' parameter of the 'allauctions.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The attacker can use the 'bsqlbf' tool to write detailed information.
Mitigation:
Input validation should be used to prevent SQL injection attacks.