Vendor: Aardvark Topsites PHP
By: SecurityFocus
CVSS: 7.5 (HIGH)
Information disclosure, path disclosure, SQL injection, and plaintext password weakness
CWE: 89
Product Name: Aardvark Topsites PHP
Affected Version From: 4.1.2000
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Multiple vulnerabilities in Aardvark Topsites PHP

Aardvark Topsites PHP version 4.1.0 has been reported to be prone to these issues; however, other versions may be affected as well. Attackers can exploit these vulnerabilities by sending malicious requests to the vulnerable application, such as:

http://www.example.com/index.php?method=`
http://www.example.com/index.php?a=lostpw&set=1&id=`
http://www.example.com/index.php?a=lostpw&set=1&session_id=`

Mitigation:

Developers should ensure that user input is properly sanitized and validated before being used in database queries.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9231/info

Multiple vulnerabilities have been identified in the software that include information disclosure, path disclosure, SQL injection, and a plaintext password weakness.

Aardvark Topsites PHP version 4.1.0 has been reported to be prone to these issues; however, other versions may be affected as well.

http://www.example.com/index.php?method=`
http://www.example.com/index.php?a=lostpw&set=1&id=`
http://www.example.com/index.php?a=lostpw&set=1&session_id=`
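
A log check for the request patterns listed above, as an added example that is not part of the original advisory or of Aardvark Topsites PHP: it flags requests to index.php whose `method`, `id` or `session_id` value contains anything outside an assumed safe alphabet. The Common Log Format input, the allowed character set and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Query parameters that appear in the advisory's sample requests.
WATCHED = ("method", "id", "session_id")
# Assumption: legitimate values use only letters, digits, "_" and "-".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]*")
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /index.php?a=lostpw&set=1&id=42 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2004:10:00:05 +0000] "GET /index.php?method=%60 HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2004:10:00:06 +0000] "GET /index.php?a=lostpw&set=1&session_id=` HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2004:10:00:09 +0000] "GET /about.php?id=` HTTP/1.1" 404 120',
]


def suspicious_params(log_line):
    """Return (name, decoded value) pairs that fall outside SAFE_VALUE."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # Only the script named in the advisory is of interest here.
    if not url.path.endswith("/index.php"):
        return []
    # parse_qs percent-decodes, so %60 and a literal backtick look the same.
    params = parse_qs(url.query, keep_blank_values=True)
    return [(name, value)
            for name in WATCHED
            for value in params.get(name, [])
            if not SAFE_VALUE.fullmatch(value)]


def scan(lines):
    """Return (line number, hits) for every line with at least one hit."""
    return [(n, hits) for n, line in enumerate(lines, 1)
            if (hits := suspicious_params(line))]


if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {hits}")
```

Tighten `SAFE_VALUE` per parameter once the application's real value formats are known; the single shared alphabet here is deliberately conservative.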