vendor:
game.php
by:
CoBRa_21
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: game.php
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
Eyeland Studio Inc. (game.php) SQL Injection Vulnerability
A SQL injection vulnerability exists in Eyeland Studio Inc. game.php script, which allows an attacker to execute arbitrary SQL commands on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'game.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation of this vulnerability can allow an attacker to gain unauthorized access to the vulnerable system and execute arbitrary SQL commands.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to construct SQL commands that are executed by the application. Additionally, parameterized queries should be used to ensure that user-supplied input is not directly used in SQL commands.
