Vendor: RealAdmin
By: AtT4CKxT3rR0r1ST
CVSS: 7.5 (HIGH)
Blind SQL Injection
CWE: 89
Product Name: RealAdmin
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
RealAdmin (detail.php) Blind SQL Injection Vulnerability
A blind SQL injection vulnerability exists in RealAdmin's detail.php page, which can be exploited by malicious people to conduct SQL injection attacks. The vulnerability is caused by user input passed to the 'id' parameter not being properly sanitised before it is used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow execution of arbitrary SQL commands, compromise of the application, disclosure of sensitive information, etc.
Mitigation:
Input validation should be used to prevent SQL injection attacks. Additionally, SQL queries should be constructed using parameterised queries or stored procedures.
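
The two mitigations above, applied to an 'id' lookup of the kind detail.php performs. This is an added example, not RealAdmin's code: the `listings` table, its columns, the `fetch_detail()` helper and the in-memory SQLite database are assumptions made so the block runs on its own.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the application's data store.
// The "listings" table and its columns are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO listings (id, title) VALUES (1, 'Sample listing')");

/**
 * Look up one record by the request's 'id' value (hypothetical helper).
 * Returns the row, or null when the id is invalid or unknown.
 */
function fetch_detail(PDO $db, $rawId): ?array
{
    // Input validation: accept only a positive integer, nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Parameterised query: the value is bound as data and is never
    // concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, title FROM listings WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs, as they would arrive in $_GET['id'].
foreach (['1', '2', '1 AND 1=1', ''] as $input) {
    $row = fetch_detail($db, $input);
    printf("%-12s => %s\n", var_export($input, true), $row ? $row['title'] : 'rejected or not found');
}
```

Returning the same result for a rejected value and an unknown id keeps the page's response identical in both cases, so the response itself does not reveal how the input was handled.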