vendor:
Link Bid Script 1.5
by:
SirGod
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Link Bid Script 1.5
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Link Bid Script 1.5 Multiple Remote SQL Injection
Link Bid Script 1.5 is vulnerable to multiple remote SQL injection attacks. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by sending a specially crafted HTTP request to the vulnerable application. The vulnerable parameters are 'ucat' in upgrade.php and 'id' in edit.php.
Mitigation:
The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the application.