header-logo
Suggest Exploit
vendor:
PowerPortal
by:
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: PowerPortal
Affected Version From: PowerPortal 1.3
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:powerportal:powerportal:1.3
Metasploit:
Other Scripts:
Platforms Tested:

PowerPortal Remote SQL Injection Vulnerability

PowerPortal is vulnerable to remote SQL injection due to a failure in validating user-supplied input before including it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted request to the affected application.

Mitigation:

To mitigate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before including it in an SQL query. Use parameterized queries or prepared statements to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11681/info

PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. 

PowerPortal 1.3 is reported prone to this vulnerability, however, it is possible that other versions are affected as well.

http://www.example.com/pp13/index.php?index_page=and 1=1