Vendor: HD FLV Player
By: Claudio Viviani
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: HD FLV Player
Affected Version From: 2.1.0.1 and below
Affected Version To: 2.1.0.1 and below
Patch Exists: YES
Related CWE: N/A
CPE: a:hdflvplayer:hd_flv_player
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: BackBox 3.x/4.x
2014

Joomla HD FLV 2.1.0.1 and below SQL Injection

The variable 'id' is not sanitized, allowing an attacker to inject malicious SQL code into the vulnerable application. Over 80,000 downloads of the software have been reported on the official website.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Exploit-DB raw data: