vendor:
PHP Lowbids
by:
BorN To K!LL - h4ck3r
8.8
CVSS
HIGH
Blind-Injection
89
CWE
Product Name: PHP Lowbids
Affected Version From: n/a
Affected Version To: n/a
Patch Exists: NO
Related CWE: n/a
CPE: n/a
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: n/a
n/a
PHP Lowbids
The vulnerability exists in the viewfaqs.php file, which allows an attacker to inject malicious SQL queries into the application. The attacker can use the substring() function to check the version of the database and extract information from the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.