header-logo
Suggest Exploit
vendor:
bcoos
by:
Unknown
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: bcoos
Affected Version From: 1.0.10
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: bcoos
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

SQL Injection vulnerability in bcoos program

The 'bcoos' program is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

To mitigate this vulnerability, the application should properly sanitize user-supplied input before using it in SQL queries. Prepared statements or parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26664/info

The 'bcoos' program is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied input before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects bcoos 1.0.10; other versions may also be affected. 

http://www.example.com/modules/adresses/ratefile.php?lid=-1%20UNION%20SELECT%20pass%20FROM%20bcoos_users%20LIMIT%201

Navigation

Suggest Exploit

Services By CQR