vendor:
Recipes
by:
ajann
7.5
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: Recipes
Affected Version From: <= 2.0
Affected Version To: <= 2.0
Patch Exists: NO
Related CWE: Not mentioned
CPE: Not mentioned
Platforms Tested:
Not mentioned
ScriptMagix Recipes <= 2.0 (index.php catid) Remote Blind SQL Injection Exploit
This exploit allows an attacker to execute SQL queries and retrieve sensitive information from the target system. The vulnerability exists in the index.php file of ScriptMagix Recipes version 2.0 or earlier, specifically in the catid parameter. By manipulating this parameter, an attacker can inject malicious SQL code and retrieve the usernames and passwords of the admin accounts.
Mitigation:
Update to a patched version of ScriptMagix Recipes that addresses the SQL injection vulnerability. Sanitize user input to prevent SQL injection attacks.