vendor: KwsPHP
by: S4mi
CVSS: N/A
N/A
login.php Remote SQL injection
CWE: 89
Product Name: KwsPHP
Affected Version From: KwsPHP ver 1.0
Affected Version To: KwsPHP ver 1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Unknown
KwsPHP ver 1.0
This exploit allows remote SQL injection in the login.php script of KwsPHP ver 1.0 when magic_quotes_gpc is turned off. It retrieves the admin information including the username and password.
Mitigation:
Enable magic_quotes_gpc or sanitize user input to prevent SQL injection attacks.