vendor: nconf
by:
2013
The nconf application is vulnerable to blind SQL injection in the 'id' parameter of the 'detail.php' and 'detail_admin_items.php' files. An attacker can exploit this vulnerability using tools like sqlmap. The injection allows an attacker to execute arbitrary SQL queries on the database.
CVSS
N/A
detail_admin_items.php blind injection
CWE
Product Name: nconf
Affected Version From: NO
Affected Version To: nconf 1.3
Patch Exists: To mitigate this vulnerability, the developer should sanitize and validate user input before using it in SQL queries. Additionally, using prepared statements or parameterized queries can help prevent SQL injection attacks.
Related CWE: haidao
CPE: nconf 1.3
Metasploit:
https://www.exploit-db.com/raw/24269
Platforms Tested: nconf
CRITICAL
nconf detail.php
Blind SQL Injection
Mitigation:
89