header-logo
Suggest Exploit
vendor:
Categorizator
by:
Wad Deek
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Categorizator
Affected Version From: 0.3.1
Affected Version To: 0.3.1
Patch Exists: NO
Related CWE: N/A
CPE: a:lelogiciellibre:categorizator
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Xampp on Windows7
2016

Categorizator 0.3.1 | SQL Injection

Categorizator 0.3.1 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a crafted HTTP request with malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, modify data, execute administration operations on the database, and potentially compromise the underlying system.

Mitigation:

Developers should always sanitize user input and use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: Categorizator 0.3.1 | SQL Injection
# Date: 03/09/16
# Exploit Author: Wad Deek
# Vendor Homepage: http://lelogiciellibre.net/telecharger/annuaire-web.php
# Software Link: ftp://ftp2.lelogiciellibre.net/lelogiciellibre/annu/categorizator031.zip
# Version: 0.3.1
# Tested on: Xampp on Windows7
# Fuzzing tool: https://github.com/Trouiller-David/PHP-Source-Code-Analysis-Tools

################################################################
PoC : http://localhost/cms/categorizator/vote.php?id_site=1'
################################################################

Navigation

Suggest Exploit

Services By CQR