vendor:
PHP Email Manager
by:
MuShTaQ
9
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: PHP Email Manager
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
PHP Email Manager < Remote SQL Injection Vulnerability >
A remote SQL injection vulnerability exists in the PHP Email Manager script. An attacker can exploit this vulnerability to gain access to the application and execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient sanitization of user-supplied input to the 'ID' parameter in the 'remove.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to the application and compromise of the underlying database.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized before being used in SQL statements. Additionally, the application should be kept up-to-date with the latest security patches.
