vendor:
Script
by:
The_5p3ctrum
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Business Turnkey Arcade Script (index.php id) Remote SQL Vulnerability
A vulnerability in the Business Turnkey Arcade Script (index.php id) allows an attacker to inject arbitrary SQL commands. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data. The attacker can also use the vulnerability to gain access to the underlying file system and execute commands.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL statements.
