vendor:
Aigaion
by:
Cody "CypherXero" Rester
N/A
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Aigaion
Affected Version From: 1.3.3 and below
Affected Version To: 1.3.2003
Patch Exists: NO
Related CWE: Not specified
CPE: Not specified
Platforms Tested: Not specified
2007
Aigaion <= 1.3.3 SQL Injection Exploit
The Aigaion web application version 1.3.3 and below is vulnerable to SQL Injection. An attacker can exploit this vulnerability to obtain the admin username and MD5 hash. The exploit involves injecting malicious SQL code into the 'topic_id' parameter of the 'index.php?page=topic' URL. By manipulating the SQL query, the attacker can retrieve the admin login and password information.
Mitigation:
Upgrade Aigaion to a version higher than 1.3.3 that includes a fix for SQL Injection vulnerabilities. Alternatively, sanitize user input to prevent SQL Injection attacks.