Vendor: Penny auction version - 5
By: 3spi0n
CVSS: 5.5 (MEDIUM)
CWE: 89 (SQL Injection)
Product Name: Penny auction version - 5
Affected Version From: Not mentioned
Affected Version To: Not mentioned
Patch Exists: NO
Related CWE: Not mentioned
CPE: Not mentioned
Platforms Tested: Not mentioned
Penny auction version – 5, SQLi Vulnerabilities
The vulnerability exists in the 'show' parameter of the 'index.php' file. An attacker can exploit it by injecting SQL queries into the 'id' parameter, potentially gaining unauthorized access to the database.
Mitigation:
The developer should use prepared statements or parameterized queries to prevent SQL injection attacks. User input should be properly sanitized and validated before it is used in SQL queries.