vendor: WBB2-Addon: Acrotxt v1
by: D4m14n
CVSS: 7.5 (HIGH)
Remote SQL Injection
CWE: 89
Product Name: WBB2-Addon: Acrotxt v1
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
WBB2-Addon: Acrotxt v1 (show) Remote SQL Injection
This vulnerability allows an attacker to perform SQL injection by manipulating the 'show' parameter in the acrotxt.php file. The attacker can execute arbitrary SQL queries and potentially gain unauthorized access to the database.
Mitigation:
To mitigate this vulnerability, the developer should pass the 'show' parameter to the database through parameterized queries or prepared statements, so that user input is bound as data and never interpreted as part of the SQL statement. Additionally, input validation and proper error handling should be implemented.