Vendor: Webmatic
By: High-Tech Bridge Security Research Lab
CVSS: 7.5 (HIGH)
Blind SQL Injection
CWE: 89
Product Name: Webmatic
Affected Version From: 3.1.1
Affected Version To: 3.1.1
Patch Exists: NO
Related CWE: CVE-2012-3350
CPE: valarsoft.com:webmatic
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2012

Blind SQL Injection in Webmatic: CVE-2012-3350

Input passed via the "Referer:" field of the HTTP header to index.php is not properly sanitised before being used in an SQL query, resulting in SQL injection. However, the SQL injection is blind and must be exploited with a time-based technique or any other technique suitable for blind SQL injection exploitation.

Mitigation:

Edit the application source code to ensure that input is properly sanitised.
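
The pattern behind this mitigation, as an added example that is not Webmatic's source code: a hypothetical query that stores the Referer header, first with the value concatenated into the SQL text and then with it bound as a parameter. The table name `referer_log`, the function names and the in-memory SQLite database are assumptions made for illustration; the header values are constructed.

```php
<?php
// Added example: hypothetical referrer-logging code, not Webmatic's source.
// An in-memory SQLite database stands in for the application's database.

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE referer_log (id INTEGER PRIMARY KEY, referer TEXT NOT NULL)');
    return $db;
}

// Vulnerable pattern: the header value becomes part of the SQL text.
function log_referer_unsafe(PDO $db, string $referer): void {
    $db->exec("INSERT INTO referer_log (referer) VALUES ('" . $referer . "')");
}

// Hardened pattern: the SQL text is fixed and the header is bound as data.
function log_referer_safe(PDO $db, string $referer): void {
    // Cap the stored length; the header is entirely client-controlled.
    $referer = substr($referer, 0, 2048);
    $stmt = $db->prepare('INSERT INTO referer_log (referer) VALUES (:referer)');
    $stmt->execute([':referer' => $referer]);
}

// Constructed header values; in index.php the value would come from
// $_SERVER['HTTP_REFERER'] ?? ''.
$samples = [
    'https://example.com/page',
    "https://example.com/o'brien", // one single quote already changes the SQL text
];

foreach ($samples as $referer) {
    $db = open_db();
    try {
        log_referer_unsafe($db, $referer);
        echo "unsafe: stored\n";
    } catch (PDOException $e) {
        // The header altered the statement's structure, so parsing failed.
        echo "unsafe: query broke: " . $e->getMessage() . "\n";
    }
    log_referer_safe($db, $referer);
    $stored = $db->query('SELECT referer FROM referer_log ORDER BY id DESC LIMIT 1')
                 ->fetchColumn();
    echo "safe:   stored verbatim: " . var_export($stored === $referer, true) . "\n";
}
```

A syntax error triggered by a quote in a request header is the same signal worth alerting on in database and application error logs.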

Exploit-DB raw data: