header-logo
Suggest Exploit
vendor:
PHP TopSites
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP TopSites
Affected Version From: PHP TopSites 1.0
Affected Version To: PHP TopSites 1.0
Patch Exists: YES
Related CWE: CVE-2002-1390
CPE: a:phptopsites:phptopsites:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

A vulnerability has been discovered in PHP TopSites

PHP TopSites is vulnerable to SQL injection due to insufficient sanitization of user-supplied URI parameters. An attacker can embed malicious SQL commands into certain page requests, which can be used to disclose another user's private information.

Mitigation:

Input validation should be used to ensure that user-supplied URI parameters are properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6625/info

A vulnerability has been discovered in PHP TopSites. Due to insufficient sanitization of user-supplied URI parameters it is possible for an attacker to embed SQL commands into certain page requests. This may result in another users private information being disclose to an attacker.

http://examplewebsite.com/topsitesdirectory/edit.php?a=pre&submit=&sid=siteidnumber--

Navigation

Suggest Exploit

Services By CQR