vendor: Active Link Engine
by: CyberGhost
CVSS: 7.5 HIGH
Remote SQL Injection
CWE: 89
Product Name: Active Link Engine
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Active Link Engine Remote SQL Injection Vulnerability
The Active Link Engine script is vulnerable to a remote SQL injection attack. An attacker can manipulate the 'catid' parameter to inject malicious SQL code and retrieve sensitive information from the database. The attacker can also bypass authentication and gain unauthorized access to the admin panel.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks. Additionally, the vendor should release a patch to fix this vulnerability.
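The mitigation above, as an added example that is not Active Link Engine's own code: a string-concatenated `catid` lookup beside a validated, parameterized one. The `links` table, its columns, the function names and the sample rows are assumptions constructed for illustration, and SQLite stands in for whatever database the script uses.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE links (id INTEGER PRIMARY KEY, catid INTEGER, title TEXT);
        INSERT INTO links (catid, title)
        VALUES (1, 'news'), (1, 'blogs'), (2, 'internal');
    """)
    return db

def links_unsafe(db, raw_catid):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so it can change the structure of the statement.
    sql = "SELECT title FROM links WHERE catid = " + raw_catid
    return db.execute(sql).fetchall()

def parse_catid(raw):
    """Allow-list validation: catid must be a short run of ASCII digits."""
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit()
            and len(raw) <= 9):
        raise ValueError("catid must be a non-negative integer")
    return int(raw)

def links_bound_only(db, raw_catid):
    # Parameter binding alone: the value travels separately from the SQL
    # text and is compared as data, never parsed as SQL.
    sql = "SELECT title FROM links WHERE catid = ?"
    return db.execute(sql, (raw_catid,)).fetchall()

def links_safe(db, raw_catid):
    # Hardened pattern: reject malformed input first, then bind the integer.
    return links_bound_only(db, parse_catid(raw_catid))

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input that is not a plain integer
    print("unsafe    :", links_unsafe(db, crafted))      # rows from every category
    print("bound only:", links_bound_only(db, crafted))  # no rows
    try:
        links_safe(db, crafted)
    except ValueError as exc:
        print("safe      : rejected:", exc)
    print("safe, catid=1:", links_safe(db, "1"))
```

Validation and binding are independent layers: binding is what keeps the value out of the SQL grammar, while the integer check gives the application a clean point to reject and log malformed requests.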