Vendor: AJ Auction
By: ajann
CVSS: 7.5 (HIGH)
CWE: Remote Blind SQL Injection
Product Name: AJ Auction
Affected Version From: All versions of AJ Auction script
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
AJ Auction All Version (subcat.php) Remote BLIND SQL Injection Exploit
This exploit allows an attacker to perform a blind SQL injection attack against the subcat.php script in all versions of AJ Auction. By manipulating the 'cate_id' parameter, the attacker can retrieve sensitive information from the database, such as usernames and passwords.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a patched version of the AJ Auction script.