vendor:
Pub Site Directory
by:
t0pP8uZz & xprog
5.5
CVSS
MEDIUM
SQL Injection
89
CWE
Product Name: Pub Site Directory
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Prozilla Pub Site Directory SQL Injection Vulnerability
The vulnerability allows an attacker to extract users and admins login information. The exploit involves using a UNION SELECT statement to retrieve the username and password.
Mitigation:
The vulnerability can be mitigated by implementing proper input validation and parameterized queries to prevent SQL injection attacks.