vendor:
Messages Library
by:
Black Dream
5.5
CVSS
MEDIUM
SQL Injection
89
CWE
Product Name: Messages Library
Affected Version From: Messages Library v2.0
Affected Version To: Messages Library v2.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2009
Messages Library v2.0 Cat.php SQL Injection Vulnerabilities
The Messages Library v2.0 Cat.php script is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the CatID parameter in the URL to inject malicious SQL code, potentially gaining unauthorized access to the database or executing arbitrary SQL queries.
Mitigation:
To mitigate this vulnerability, it is recommended to implement proper input validation and parameterized queries to prevent SQL injection attacks. Regular security audits and updates to the script should also be performed.