Vendor: SFS EZ Auction
By: Mountassif Moad
CVSS: 7.5 (HIGH)
CWE: 89 (Blind SQL Injection)
Product Name: SFS EZ Auction
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
SFS EZ Auction Remote Blind SQL Injection
The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'cat' parameter of the 'viewfaqs.php' script. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation of this vulnerability can result in compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Mitigation:
Input validation should be used to prevent the exploitation of this vulnerability.
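As an added illustration (not code from SFS EZ Auction or from the advisory author), the following hypothetical PHP fragment shows the pattern the advisory describes, a 'cat' value concatenated directly into a query, next to a hardened version that applies the recommended input validation and then binds the value with a prepared statement. The table and column names (faqs, category_id, question, answer) are assumptions made for the example.

```php
<?php
// Added example, not SFS EZ Auction's own code. Table and column names are assumed.

// --- Vulnerable pattern: the untrusted 'cat' parameter becomes part of the SQL text ---
function viewFaqsVulnerable(mysqli $db, array $get)
{
    $cat = $get['cat'] ?? '';
    // Whatever arrives in ?cat=... is interpolated into the statement itself, so the
    // request controls the query structure, not just the value being compared.
    $sql = "SELECT question, answer FROM faqs WHERE category_id = " . $cat;
    return $db->query($sql);
}

// --- Hardened version: validate the type first, then bind the value as a parameter ---
function viewFaqsSafe(mysqli $db, array $get): array
{
    // 1. Input validation: 'cat' must be a non-negative integer; anything else is rejected.
    $cat = filter_var(
        $get['cat'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]
    );
    if ($cat === false) {
        http_response_code(400);
        return [];
    }

    // 2. Parameterized query: the value travels separately from the SQL text, so it can
    //    never alter the statement no matter what the client sent.
    $stmt = $db->prepare("SELECT question, answer FROM faqs WHERE category_id = ?");
    $stmt->bind_param('i', $cat);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}
```

Because the advisory classifies this as a blind injection, the absence of database errors or visible output in the response is not evidence that the query is safe; the fix is structural (typed validation plus parameter binding), not error suppression.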