vendor:
6rbScript
by:
Hussin X
9
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: 6rbScript
Affected Version From: V3.3
Affected Version To: V3.3
Patch Exists: NO
Related CWE: N/A
CPE: 6rbscript
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
6rbScript V3.3 (singerid) Remote SQL Injection Vulnerability
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. The attacker can use the ‘singerid’ parameter to inject malicious SQL code into the application. This can allow the attacker to gain access to the database and potentially execute arbitrary code on the server.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.