vendor:
PHP Competition System BETA
by:
Mr.SQL
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP Competition System BETA
Affected Version From: V0.84
Affected Version To: V0.84
Patch Exists: NO
Related CWE: N/A
CPE: a:phpcompet:php_competition_system_beta
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Remote SQL Injection Vulnerability ( show_matchs.php competition )
A vulnerability exists in PHP Competition System BETA <= V0.84, which allows an attacker to inject arbitrary SQL commands via the 'competition', 'season', and 'day' parameters in the show_matchs.php script. This can be exploited to read arbitrary data from the database, including passwords and emails.
Mitigation:
Input validation should be used to prevent SQL injection attacks.