header-logo
Suggest Exploit
vendor:
NPDS Revolution
by:
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: NPDS Revolution
Affected Version From: NPDS Revolution 10.02
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:npds:revolution:10.02
Metasploit:
Other Scripts:
Platforms Tested:

NPDS Revolution SQL Injection Vulnerability

The NPDS Revolution web application is prone to an SQL-injection vulnerability due to insufficient sanitization of user-supplied data before using it in an SQL query. This vulnerability can be exploited by an attacker to compromise the application, gain unauthorized access or modify data, and potentially exploit other latent vulnerabilities in the underlying database.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent SQL injection attacks. Additionally, using prepared statements or parameterized queries can help protect against this type of vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40156/info

NPDS Revolution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

NPDS Revolution 10.02 is vulnerable; other versions may also be affected. 

http://www.example.com/download.php?dcategory=All&sortby=%28select%20did%20from%20authors+where+aid=char%2897,100,109,105,110%29+and+substr%28pwd,1,1%29=char%2848%29%29+DESC--

Navigation

Suggest Exploit

Services By CQR