Multiple SQL Injection Vulnerabilities in WSN Knowledge Base

vendor:

WSN Knowledge Base

by:

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: WSN Knowledge Base

Affected Version From: 1.2.2000

Affected Version To: 1.2.2000

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Multiple SQL Injection Vulnerabilities in WSN Knowledge Base

WSN Knowledge Base is prone to multiple SQL injection vulnerabilities. These issues occur due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize and validate user-supplied input before using it in SQL queries. Implementing parameterized queries or prepared statements can also help prevent SQL injection attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15656/info

WSN Knowledge Base is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Versions 1.2.0 and prior are reported to be vulnerable; other versions may also be affected. 

http://www.example.com/index.php?action=displaycat&catid=1[SQL]

http://www.example.com/index.php?todo=orderlinks&action=displaycat&
catid=1&orderlinks=id&ascdesc=desc&perpage=1[SQL]

http://www.example.com/index.php?todo=orderlinks&action=displaycat&
catid=1&orderlinks=id&ascdesc=1[SQL]

http://www.example.com/index.php?todo=orderlinks&action=displaycat&
catid=1&orderlinks=[SQL]