Vendor: PageDirector
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: PageDirector
Affected Version From: All versions of Customer Paradigm PageDirector
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2010

SQL Injection Vulnerability in Customer Paradigm PageDirector

The Customer Paradigm PageDirector is susceptible to an SQL injection vulnerability. This vulnerability occurs because the application fails to properly sanitize user-supplied input before using it in an SQL query. By exploiting this vulnerability, an attacker can compromise the application, gain unauthorized access or modify data, and potentially exploit other vulnerabilities in the underlying database.

Mitigation:

To mitigate this vulnerability, validate user-supplied input and use parameterized queries, so that input is bound as data rather than concatenated into the SQL statement. Regular security updates and patches should also be applied to the application.
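
An added example, not PageDirector code and not part of the original advisory: the mitigation above written in PHP with PDO, fed the decoded `id` value from the proof-of-concept URL on this page. The `pages` table, its rows, the in-memory SQLite database (needs the pdo_sqlite extension) and all function names are assumptions made for illustration.

```php
<?php
// Constructed schema and data; PageDirector's real tables are not shown on the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO pages VALUES (1, 'Home'), (2, 'Contact')");

// Vulnerable pattern (built for comparison, never executed): input becomes SQL text.
function unsafeQueryText(string $rawId): string
{
    return "SELECT title FROM pages WHERE id = $rawId";
}

// Hardened lookup: allow-list validation first, then a bound parameter.
function fetchPageTitle(PDO $pdo, string $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare('SELECT title FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

// Binding alone, with validation skipped: the input is compared as a value,
// so SQL keywords inside it are never parsed as part of the statement.
function fetchWithoutValidation(PDO $pdo, string $rawId): array
{
    $stmt = $pdo->prepare('SELECT title FROM pages WHERE id = :id');
    $stmt->execute([':id' => $rawId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The id parameter from the URL on this page, with "+" decoded to spaces.
$payload = 'UniOn AlL SelEct group_concat(username,0x3e,password) from admin--';

echo unsafeQueryText($payload), PHP_EOL;           // the statement text the database would parse
var_dump(fetchPageTitle($pdo, '2'));               // legitimate request
var_dump(fetchPageTitle($pdo, $payload));          // rejected by validation
var_dump(fetchWithoutValidation($pdo, $payload));  // bound as data, matches no row
```

Validation and binding are independent layers: the integer check rejects malformed requests early, while the bound parameter is what keeps input out of the SQL grammar even if a validation rule is later loosened.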
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41184/info

Customer Paradigm PageDirector is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/index.php?id=UniOn+AlL+SelEct+group_concat(username,0x3e,password)+from+admin--