vendor:
Aktueldownload Haber scripti
by:
xoron
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: Aktueldownload Haber scripti
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Aktueldownload Haber scripti (id) Remote SQL Injection Vulnerability
The vulnerability allows an attacker to perform a SQL injection attack on the Aktueldownload Haber scripti (id) through the HaberDetay.asp page. By manipulating the 'id' parameter, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in SQL queries. Additionally, using prepared statements or parameterized queries can help prevent SQL injection attacks.