APT-WEBSHOP-SYSTEM modules.php SQL injection

vendor:

APT-WEBSHOP-SYSTEM

by:

secret

CVSS

HIGH

SQL Injection

CWE

Product Name: APT-WEBSHOP-SYSTEM

Affected Version From: 3.0

Affected Version To: 3.0

Patch Exists: YES

Related CWE: CVE-2009-4010

CPE: cpe:a:apt-ebusiness:apt-webshop-system:3.0

Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2009

APT-WEBSHOP-SYSTEM modules.php SQL injection

A SQL injection vulnerability exists in the APT-WEBSHOP-SYSTEM v3.0 web application. The vulnerability is due to improper sanitization of user-supplied input in the 'id' parameter of the 'modules.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database.

Mitigation:

Upgrade to the latest version of APT-WEBSHOP-SYSTEM.

Source

Exploit-DB raw data:

===============================================
APT-WEBSHOP-SYSTEM modules.php SQL injection
=============================================== 

  ____ ____ _____ ___   ____ ______   ____ ___   ___    _  __
  / __// __// ___// _ \ / __//_  __/  /  _// _ \ / _ |  / |/ /
 _\ \ / _/ / /__ / , _// _/   / /    _/ / / , _// __ | /    / 
/___//___/ \___//_/|_|/___/  /_/____/___//_/|_|/_/ |_|/_/|_/  
                               /___/                          

####################################################
# APT-WEBSHOP-SYSTEM modules.php SQL injection
####################################################
# Discovered by : secret
# Site          : http://swissfaking.net
# Dork          : powered by apt-webservice ;apt-webshop-system v3.0
# Vendor        : http://www.apt-ebusiness.com

# Exploit       : [site]/shop/modules.php?warp=artikel&group=x&seite=x&id=xxx(SQLINJECTION)


########################################################################################