header-logo
Suggest Exploit
vendor:
Pre Studio Business Cards Designer
by:
dr_zig
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Pre Studio Business Cards Designer
Affected Version From: 1
Affected Version To: 1.2
Patch Exists: YES
Related CWE: CVE-2011-4456
CPE: a:preprojects:pre_studio_business_cards_designer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2011

Pre Studio Business Cards Designer SQL Injection Vulnerability

Pre Studio Business Cards Designer is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

Upgrade to the latest version of Pre Studio Business Cards Designer.
Source

Exploit-DB raw data:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Exploit Title: Pre Studio Business Cards Designer SQL Injection Vulnerability
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Author: dr_zig
Date: 20-10-2011
Software Link: http://www.preprojects.com/card.asp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

proof of concept:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://example.com/prestudio/page.php?id=[SQL Injection]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Navigation

Suggest Exploit

Services By CQR