vendor: GPS 1.2 Content Managing System
by: ajann
CVSS: 7.5 HIGH
Remote SQL Injection
CWE: 89
Product Name: GPS 1.2 Content Managing System
Affected Version From: GPS 1.2 Content Managing System
Affected Version To: GPS 1.2 Content Managing System
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
GPS 1.2 Content Managing System (print.asp) Remote SQL Injection Vulnerability
The vulnerability exists in the print.asp file of the GPS 1.2 Content Managing System, allowing an attacker to inject SQL queries through the 'id' parameter. This can lead to unauthorized access and retrieval of sensitive information from the userdb table.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in SQL queries. Additionally, implementing parameterized queries or using prepared statements can help prevent SQL injection attacks.
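
The two mitigation layers named above, applied to a numeric 'id' request parameter, shown as an added example that is not code from GPS 1.2 or from this advisory. Python with sqlite3 stands in for the ASP page and its database; the articles table, its rows and all function names are constructed assumptions.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the CMS database (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Welcome"), (2, "News"), (3, "Contact")])
    return db

def print_page_vulnerable(db, raw_id):
    # Pattern the advisory describes: the 'id' value is pasted into the SQL
    # text, so the database parses client input as part of the statement.
    sql = "SELECT id, title FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def parse_article_id(raw_id):
    """Validation layer: accept only a plain positive decimal integer."""
    if not isinstance(raw_id, str) or not raw_id.isascii() or not raw_id.isdigit():
        raise ValueError("id must be a decimal integer")
    if len(raw_id) > 9:  # keeps the value inside a 32-bit signed range
        raise ValueError("id is too long")
    value = int(raw_id)
    if value < 1:
        raise ValueError("id must be positive")
    return value

def print_page_parameterized(db, raw_id):
    # Parameterized layer on its own: the value is bound as data and is never
    # parsed as SQL, whatever characters it contains.
    return db.execute("SELECT id, title FROM articles WHERE id = ?",
                      (raw_id,)).fetchall()

def print_page_hardened(db, raw_id):
    # Both layers together: reject anything that is not an integer, then bind it.
    article_id = parse_article_id(raw_id)
    return db.execute("SELECT id, title FROM articles WHERE id = ?",
                      (article_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    non_numeric = "1 OR 1=1"  # constructed non-numeric input
    print("concatenated :", print_page_vulnerable(db, non_numeric))
    print("parameterized:", print_page_parameterized(db, non_numeric))
    try:
        print_page_hardened(db, non_numeric)
    except ValueError as exc:
        print("hardened     : rejected,", exc)
```

With the concatenated query the non-numeric input changes which rows come back; with the bound parameter it matches nothing, and the validated handler refuses it before any query runs.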