vendor:
Active Trade 2.0
by:
Hussin X
8.8
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: Active Trade 2.0
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A
Active Trade 2.0(default.asp) Blind SQL Injection Vulnerability
Active Trade 2.0 is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries into the vulnerable parameter 'catid' in the default.asp page. This can be exploited to gain access to the database and potentially gain access to sensitive information.
Mitigation:
Input validation should be used to prevent SQL injection attacks. Additionally, parameterized queries should be used to prevent SQL injection attacks.