vendor:
ClickTrackerASP
by:
R3d-D3v!L
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ClickTrackerASP
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:pensacolawebdesigns:clicktracker_asp
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2009
REM0TE SQL !NJEC7!0N Vulnerability
A remote SQL injection vulnerability exists in the sitedetails.asp page of the ClickTrackerASP software. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL code to the vulnerable page. This can allow the attacker to gain access to sensitive information stored in the database, such as passwords.
Mitigation:
Input validation should be used to prevent malicious SQL code from being executed. Additionally, the database should be configured to use the least privileged user account with access to the database.