vendor:
CascadianFAQ
by:
ajann
7.5
CVSS
HIGH
Remote Blind SQL Injection
89
CWE
Product Name: CascadianFAQ
Affected Version From: CascadianFAQ <= 4.1
Affected Version To: CascadianFAQ <= 4.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
CascadianFAQ <= 4.1 (index.php) Remote Blind SQL Injection Vulnerability
The vulnerability exists in the index.php file of CascadianFAQ version 4.1 and earlier. By manipulating the catid parameter, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database. An example of a working exploit is provided in the text.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a patched version of CascadianFAQ or apply appropriate input sanitization to the catid parameter.