vendor:
WebChat
by:
S@BUN
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: WebChat
Affected Version From: 1.6
Affected Version To: 1.6
Patch Exists: NO
Related CWE: N/A
CPE: a:exv2:webchat
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: eXV2
2006
Powered by eXV2 WebChat 1.60 SQL Injection
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'roomid' parameter of 'index.php' script. A remote attacker can send a specially crafted HTTP request with malicious SQL statements to the vulnerable script and execute arbitrary SQL commands in application's database. This can allow the attacker to gain access to sensitive data, modify or delete records in the database, execute administration operations on the system, etc.
Mitigation:
Input validation should be used to prevent the exploitation of this vulnerability. The application should sanitize user-supplied input before using it in SQL queries.
