vendor:
Social Network Script
by:
Snakespc
9
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Social Network Script
Affected Version From: 4.0.0
Affected Version To: 4.0.2
Patch Exists: YES
Related CWE: CVE-2010-4456
CPE: a:socialengine:social_network_script:4.0.2
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=52486, https://www.infosecmatter.com/nessus-plugin-library/?id=45372, https://www.infosecmatter.com/nessus-plugin-library/?id=57446, https://www.infosecmatter.com/nessus-plugin-library/?id=58325, https://www.infosecmatter.com/nessus-plugin-library/?id=41313, https://www.infosecmatter.com/nessus-plugin-library/?id=38642, https://www.infosecmatter.com/nessus-plugin-library/?id=53617
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2010
Social Network Remote SQL Injection Vulnerability
A vulnerability in Social Network Script allows an attacker to inject arbitrary SQL commands. This vulnerability is due to an error in the "index.php" script when handling the "id" parameter. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Mitigation:
Upgrade to the latest version of Social Network Script
