vendor:
OPAC EasyWeb Five
by:
Dino Barlattani
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: OPAC EasyWeb Five
Affected Version From: 5.7
Affected Version To: 5.7
Patch Exists: NO
Related CWE: N/A
CPE: a:nexusfi:opac_easyweb_five:5.7
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: PHP
2018
OPAC EasyWeb Five 5.7 – ‘biblio’ SQL Injection
A SQL injection vulnerability exists in OPAC EasyWeb Five 5.7. An attacker can send a malicious SQL query to the vulnerable parameter 'biblio' in the 'index.php' script to execute arbitrary SQL commands in the back-end database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. Sanitize all user input to ensure that it conforms to the expected format, using whitelists to define all allowed inputs.
