Multiple SQL-injection Vulnerabilities in couponZONE

vendor:

couponZONE

by:

SecurityFocus

7.5

CVSS

HIGH

SQL-injection

CWE

Product Name: couponZONE

Affected Version From: 4.2

Affected Version To: 4.2

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

Multiple SQL-injection Vulnerabilities in couponZONE

The couponZONE application is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious SQL code. Additionally, parameterized queries should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17274/info

The couponZONE application is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. 

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Version 4.2 of couponZONE reported vulnerable. Other versions may be affected as well.

http://www.example.com/local.cfm?redir=listings&srchby=&companyid=[SQL]
http://www.example.com/local.cfm?redir=listings&srchby=ct&cat=&scat=[SQL]
http://www.example.com/local.cfm?redir=adv_details&coid=[SQL]