Caregiver Script v2.57 – SQL Injection

vendor:

Caregiver Script

by:

Kaan KAMIS

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Caregiver Script

Affected Version From: 2.51

Affected Version To: 2.57

Patch Exists: YES

Related CWE: CVE-2017-5678

CPE: a:itechscripts:caregiver_script

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2017

Caregiver Script v2.57 – SQL Injection

An SQL Injection vulnerability in Caregiver Script allows attackers to read arbitrary administrator data from the database.

Mitigation:

The vendor has released a patch to address this vulnerability.

Source

Exploit-DB raw data:

Exploit Title: Caregiver Script v2.57 – SQL Injection
Date: 30.01.2017
Vendor Homepage: http://itechscripts.com/
Software Link: http://itechscripts.com/caregiver-script/
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits

Overview

Caregiver Script 2.51 is the best solution to launch a portal for hiring people for babysitting and other care giving services in a hassle free manner.

Type of vulnerability:

An SQL Injection vulnerability in Caregiver Script allows attackers to read
arbitrary administrator data from the database.

Vulnerable Url:

http://locahost/searchJob.php?sitterService=1[payload]
Vulnerable parameter : sitterService
Mehod : GET