vendor:
N/A
by:
BorN To K!LL - h4ck3r
8.8
CVSS
HIGH
Blind-Injection
89
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
n/a
PHP auctions
The vulnerability exists in the viewfaqs.php script, which allows an attacker to inject malicious SQL queries into the application. The attacker can use the substring() function to check the version of the database and determine if the query is true or false.
Mitigation:
Input validation should be used to prevent malicious SQL injection attacks.