vendor:
by:
D4real_TeaM ('unkn0wnX','n3t-mapper','ToxiC350')
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name:
Affected Version From: 2.5
Affected Version To: 2.5
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Unknown
phpwebquest
The script phpwebquest version 2.5 is vulnerable to SQL Injection. The injected file is webquest/soporte_derecha_w.php and the vulnerable variable is id_actividad. By exploiting this vulnerability, an attacker can retrieve sensitive information from the database.
Mitigation:
To mitigate this vulnerability, the developer should use parameterized queries or prepared statements to sanitize user inputs and prevent SQL injection attacks.
