vendor:
Image Voting
by:
SKuLL-HacKeR
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Image Voting
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:plohni:image_voting:1.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Image voting 1.0 Remote Sql injection
Image voting 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input in the 'show' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to the database and execution of arbitrary SQL commands.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized. All input should be validated and filtered before being passed to the SQL query.
