vendor:
Domain Seller Pro�
by:
TR-ShaRk
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Domain Seller Pro�
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE: N/A
CPE: a:domainsellerpro:domain_seller_pro
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Domain Seller Pro� v1.5 SQL Injection Vulnerability
A SQL injection vulnerability exists in Domain Seller Pro� v1.5. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data. This vulnerability affects the 'index.php' script and is triggered when the 'id' parameter is supplied with a maliciously crafted value. This can be exploited to inject arbitrary SQL code in the applications' back-end database, allowing for the manipulation of query results and the retrieval of sensitive data from the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
