vendor:
Musicbox Version 2.3.8
by:
Snakespc
9
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Musicbox Version 2.3.8
Affected Version From: 2.3.2008
Affected Version To: 2.3.2008
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: a:musicboxv2:musicbox_v2:2.3.8
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009
Script: Musicbox Version 2.3.8 Remote SQL Injection Vulnerability
This vulnerability allows an attacker to inject malicious SQL code into the vulnerable application. In this case, the vulnerable application is Musicbox Version 2.3.8. The exploit code allows an attacker to extract usernames and passwords from the application's database.
Mitigation:
The application should be updated to the latest version and input validation should be implemented to prevent malicious SQL code from being injected.