header-logo
Suggest Exploit
vendor:
Ohesa Emlak Portal
by:
Unknown
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Ohesa Emlak Portal
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: CVE-2007-2680
CPE: a:ohesa:ohesa_emlak_portal:1.0
Metasploit:
Other Scripts:
Platforms Tested:
2007

Ohesa Emlak Portal SQL Injection Vulnerabilities

Multiple SQL-injection vulnerabilities in Ohesa Emlak Portal allow remote attackers to execute arbitrary SQL commands via the Emlak parameter in (1) detay.asp, (2) emlak.asp, (3) emlak_detay.asp, (4) emlak_ara.asp, and (5) emlak_ara_detay.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Mitigation:

Input validation and parameterized queries should be implemented to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25880/info
 
Ohesa Emlak Portal is prone to multiple SQL-injection vulnerabilities because it fails to adequately sanitize user-supplied input before using it in an SQL query.
 
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
Ohesa Emlak Portal 1.0 is vulnerable; other versions may also be affected. 

http://www.example.com/detay.asp?Emlak=[SQL]

Navigation

Suggest Exploit

Services By CQR