vendor:
AstroSPACES
by:
TurkishWarriorr
9.3
CVSS
HIGH
SQL Injection
89
CWE
Product Name: AstroSPACES
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
AstroSPACES (profile.php) SQL
A vulnerability in the AstroSPACES profile.php script allows an attacker to inject arbitrary SQL commands. This can be exploited to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerability is due to insufficient sanitization of user-supplied input to the 'id' parameter in the 'profile.php' script.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized before being used in SQL queries.