vendor:
PHP Coupon Script
by:
BorN To K!LL - h4ck3r
8.8
CVSS
HIGH
Blind-Injection
89
CWE
Product Name: PHP Coupon Script
Affected Version From: 6
Affected Version To: 6
Patch Exists: NO
Related CWE: N/A
CPE: a:couponscript:php_coupon_script:6.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
PHP Coupon Script
The vulnerability exists in the 'index.php' page of the PHP Coupon Script version 6.0, which allows an attacker to inject malicious SQL queries via the 'bus' parameter. An attacker can use the substring() function to check the version of the database and inject malicious SQL queries.
Mitigation:
Input validation should be used to prevent SQL injection attacks. The application should also be configured to use parameterized queries.