Vendor: dotProject
By: Metin Yunus Kandemir (kandemir)
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: dotProject
Affected Version From: 2.1.9
Affected Version To: 2.1.9
Patch Exists: NO
Related CWE: N/A
CPE: a:dotproject:dotproject:2.1.9
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: XAMPP for Windows
2019
dotProject 2.1.9 – Multiple SQL Injection (PoC)
dotProject 2.1.9 contains multiple SQL injection vulnerabilities. The 'event_id' parameter of a POST request is used in a database query without adequate sanitisation, so an attacker who supplies a crafted value in that parameter can inject and execute arbitrary SQL statements against the underlying database (reading, modifying or deleting its contents, depending on the database account's privileges).
Mitigation:
The affected queries should be rewritten to use parameterized (prepared) statements, so that user-supplied values such as 'event_id' are bound as data and can never be parsed as SQL. As defence in depth, validate 'event_id' as a plain positive integer before it reaches the query and reject anything else; filtering alone, without parameterization, is not a reliable fix. No vendor patch is available for 2.1.9 (Patch Exists: NO), so these changes have to be applied locally.
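The following is an added example, not code from dotProject or from the advisory author. dotProject itself is written in PHP; this Python/sqlite3 model stands in for its query layer to show the same bug shape and the mitigation described above. The table, column names and row data are constructed for the demo and are not dotProject's real schema. It contrasts a query that concatenates the POST value for 'event_id' (tautology and UNION payloads both succeed) with a hardened lookup that validates the value as an integer and binds it as a parameter.

```python
import re
import sqlite3

# Constructed sample data standing in for an events table (illustrative names, not dotProject's schema).
SAMPLE_ROWS = [
    (1, "Sprint planning", "alice"),
    (2, "Board meeting", "bob"),
    (3, "Salary review", "hr"),
]


def make_db():
    """Build an in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (event_id INTEGER PRIMARY KEY, event_title TEXT, event_owner TEXT)"
    )
    conn.executemany("INSERT INTO events VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, event_id):
    """Vulnerable pattern: the raw POST value is concatenated into the SQL text."""
    sql = "SELECT event_id, event_title FROM events WHERE event_id = " + event_id
    return conn.execute(sql).fetchall()


def validate_event_id(event_id):
    """Defence in depth: accept only a plain ASCII integer; raise ValueError otherwise."""
    if not isinstance(event_id, str) or not re.fullmatch(r"[0-9]+", event_id):
        raise ValueError("event_id must be a non-negative integer")
    return int(event_id)


def lookup_hardened(conn, event_id):
    """Hardened pattern: validate the type, then bind the value so it is data, never SQL."""
    eid = validate_event_id(event_id)
    sql = "SELECT event_id, event_title FROM events WHERE event_id = ?"
    return conn.execute(sql, (eid,)).fetchall()


def demo():
    """Run benign and malicious 'event_id' values through both lookups and collect the outcomes."""
    conn = make_db()
    benign = "2"
    tautology = "2 OR 1=1"                                        # constructed payload: dumps every row
    union = "0 UNION SELECT event_id, event_owner FROM events"   # constructed payload: reads another column
    results = {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_tautology": lookup_vulnerable(conn, tautology),
        "vuln_union": lookup_vulnerable(conn, union),
        "hard_benign": lookup_hardened(conn, benign),
    }
    for name, payload in (("hard_tautology", tautology), ("hard_union", union)):
        try:
            lookup_hardened(conn, payload)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The parameterized query alone is sufficient to stop the injection; the integer check in front of it is the input validation the mitigation section asks for, and it also produces a clean error instead of a database error when the value is malformed.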