header-logo
Suggest Exploit
vendor:
Xoops Mylinks module
by:
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Xoops Mylinks module
Affected Version From: Xoops 2.0.17.1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Xoops Mylinks module SQL Injection Vulnerability

The Xoops Mylinks module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this vulnerability could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks.

Mitigation:

It is recommended to sanitize user-supplied input before using it in SQL queries to prevent SQL-injection attacks. The vendor should release a patch to fix this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26392/info

Xoops Mylinks module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

Exploiting this vulnerability could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks.

Xoops 2.0.17.1 is vulnerable; other versions may also be affected. 

http://www.example.com.com/modules/mylinks/brokenlink.php?lid=1%20OR%201=2

Navigation

Suggest Exploit

Services By CQR