vendor:
Pre Multi-Vendor Shopping Malls
by:
Sangteamtham@gmail.com
9,3
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Pre Multi-Vendor Shopping Malls
Affected Version From: 1.0
Affected Version To: 1.2
Patch Exists: YES
Related CWE: CVE-2009-3245
CPE: a:preproject:pre_multi-vendor_shopping_malls
Metasploit:
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0440/, https://www.rapid7.com/db/vulnerabilities/vmsa-2010-0015-cve-2009-3245/, https://www.rapid7.com/db/vulnerabilities/vmsa-2010-0018-cve-2009-3245/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-3245/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0977/, https://www.rapid7.com/db/vulnerabilities/hpux-cve-2009-3245/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-3245/, https://www.rapid7.com/db/vulnerabilities/ibm-aix-cve-2009-3245/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0162/, https://www.rapid7.com/db/vulnerabilities/apple-osx-airport-cve-2009-3245/, https://www.rapid7.com/db/vulnerabilities/apple-osx-openssl-cve-2009-3245/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-3245/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0173/, https://www.rapid7.com/db/vulnerabilities/http-openssl-cve-2009-3245/
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009
Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability
This vulnerability allows an attacker to inject malicious SQL code into the vulnerable application. The attacker can then gain access to the database and extract sensitive information such as usernames and passwords.
Mitigation:
The best way to mitigate this vulnerability is to use parameterized queries and to properly sanitize user input.
