vendor:
PHP Link Directory Software
by:
BorN To K!LL - h4ck3r
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP Link Directory Software
Affected Version From: n/a
Affected Version To: n/a
Patch Exists: NO
Related CWE: n/a
CPE: a:softbizsolutions:php_link_directory_software
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: n/a
n/a
PHP link Directory software SQL Injection Vulnerability
The vulnerability exists due to insufficient filtration of user-supplied data passed via the 'sbcat_id' parameter to '/showcats.php' script. A remote attacker can execute arbitrary SQL commands in application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.
Mitigation:
Input validation should be used to prevent SQL injection attacks.