vendor:
MyAnnonces
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: MyAnnonces
Affected Version From: 1.8
Affected Version To: 1.8
Patch Exists: YES
Related CWE: N/A
CPE: a:exv2:myannonces:1.8
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
Powered by eXV2 MyAnnonces 1.8 SQL Injection
A vulnerability exists in eXV2 MyAnnonces 1.8 which allows an attacker to inject arbitrary SQL commands. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'lid' parameter in the 'modules/MyAnnonces/annonces-p-f.php' script. This can be exploited to disclose the admin password and username.
Mitigation:
Upgrade to the latest version of eXV2 MyAnnonces 1.8