Vendor: EfesTECH Haber
By: CyberGhost
CVSS: 5.5 (MEDIUM)
Remote SQL Injection
CWE: 89
Product Name: EfesTECH Haber
Affected Version From: 5
Affected Version To: 5
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
EfesTECH Haber v5,0 Remote SQL Injection Vulnerability
The vulnerability allows an attacker to perform SQL injection by manipulating the 'id' parameter in the URL. By using a UNION SELECT statement, the attacker can retrieve sensitive information such as usernames and passwords from the database.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks.
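The mitigation above, shown as an added example (not EfesTECH Haber code or part of the original advisory): the same lookup by `id` written with string concatenation and then with input validation plus a bound parameter. Python's `sqlite3` stands in for the application's database layer, and the `news`/`users` tables, function names and sample rows are assumptions constructed for the demonstration.

```python
import sqlite3


def build_db():
    """Constructed in-memory database; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news  (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO news  VALUES (1, 'Hello', 'First story');
        INSERT INTO users VALUES ('admin', 'constructed-secret');
    """)
    return db


def get_news_vulnerable(db, raw_id):
    # Flawed pattern: the 'id' value is pasted into the SQL text, so anything
    # following the number is parsed as part of the statement.
    sql = "SELECT title, body FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def get_news_hardened(db, raw_id):
    # 1) Allow-list validation: an article id is a short run of ASCII digits.
    if not (raw_id.isascii() and raw_id.isdigit()) or len(raw_id) > 9:
        return []
    # 2) Parameterized query: the value is bound as data, never parsed as SQL.
    sql = "SELECT title, body FROM news WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()


# Constructed input of the kind the advisory describes (UNION SELECT via 'id').
CONSTRUCTED_INPUT = "0 UNION SELECT username, password FROM users"

if __name__ == "__main__":
    db = build_db()
    for fn in (get_news_vulnerable, get_news_hardened):
        print(fn.__name__, "id=1 ->", fn(db, "1"))
        print(fn.__name__, "crafted ->", fn(db, CONSTRUCTED_INPUT))
```

The concatenated query returns the row from `users` for the crafted value, while the hardened version rejects it before it reaches the database and still serves a normal numeric `id`.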