header-logo
Suggest Exploit
vendor:
PHP Gift Registry
by:
G13
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP Gift Registry
Affected Version From: 1.5.5
Affected Version To: 1.5.5
Patch Exists: No
Related CWE: N/A
CPE: a:phpgiftreg:php_gift_registry:1.5.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2012

PHP Gift Registry 1.5.5 SQL Injection

The userid parameter in the users.php file is vulnerable to SQL Injection. A user must be signed in to exploit this.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a SQL query.
Source

Exploit-DB raw data:

# Exploit Title: PHP Gift Registry 1.5.5 SQL Injection
# Date: 02/22/12
# Author: G13
# Software Link: https://sourceforge.net/projects/phpgiftreg/
# Version: 1.5.5
# Category: webapps (php)
#

##### Vulnerability #####

The userid parameter in the users.php file is vulnerable to SQL 
Injection.

A user must be signed in to exploit this.

##### Exploit #####

http://localhost/phpgiftreg/users.php?action=edit&userid=[SQLi]

Navigation

Suggest Exploit

Services By CQR