vendor:
N/A
by:
str0ke-D3ng3siz-pc faresi-s@bun-Hayalet-Turque-
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
ASPapp KnowledgeBase (content_by_cat.asp?catid) SQL Injection Vulnerability
The vulnerability exists due to insufficient filtration of user-supplied input passed via the 'catid' parameter to the 'content_by_cat.asp' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information stored in the database, modify data, execute administration operations, etc.
Mitigation:
Input validation should be used to prevent SQL injection attacks. It is recommended to use parameterized queries (prepared statements) instead of dynamic queries.
