Vendor: Silentum Guestbook
Author: Bgh7
CVSS: 7.5 (HIGH)
CWE: CWE-89 (SQL Injection)
Product Name: Silentum Guestbook
Affected Version From: 2.0.2
Affected Version To: 2.0.2
Patch Exists: NO
Related CWE: N/A
CPE: a:silentum:silentum_guestbook:2.0.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Silentum Guestbook v2.0.2 (silentum_guestbook.php) Sql Injection Vuln.

Silentum Guestbook v2.0.2 contains a SQL injection vulnerability in silentum_guestbook.php. The 'messageid' parameter is placed into a SQL query without validation, so an attacker who supplies crafted SQL in that parameter can read from the database and extract sensitive information such as usernames, passwords, and e-mail addresses. The published example is 'silentum_guestbook.php?messageid=-1 UNION ALL SELECT 0,0,0,0,concat(u_name,0x3a,u_password,0x3a,u_email),0,0 FROM silentum_admin/'.

Mitigation:

Mitigate this issue by validating all user input before it reaches a SQL query: the messageid parameter should be accepted only as an integer, and the value should be bound to the query as a parameter rather than concatenated into the SQL string.
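As an added illustration (not code from Silentum Guestbook and not part of the original advisory), the following PHP shows the concatenation pattern that produces CWE-89 next to a hardened handler that validates messageid as an integer and binds it through a prepared statement. The table and column names (silentum_messages, id, name, message) and the PDO connection are assumptions made for the example; the real script's schema is not on the page.

```php
<?php
// Added example, not Silentum Guestbook code. Assumes a PDO connection and a
// hypothetical guestbook table `silentum_messages` with an integer `id` column.

// VULNERABLE pattern (CWE-89): the raw request value is concatenated into the SQL
// string, so a value such as "-1 UNION ALL SELECT ..." becomes part of the query.
function fetchMessageVulnerable(PDO $pdo, array $get): array
{
    $id = $get['messageid'] ?? '';
    $sql = "SELECT id, name, message FROM silentum_messages WHERE id = " . $id;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED version: validate the type first, then bind the value as a parameter.
function fetchMessageSafe(PDO $pdo, array $get): array
{
    // FILTER_VALIDATE_INT accepts only a plain integer; "-1 UNION ALL ..." fails,
    // as does an empty or missing parameter.
    $id = filter_var(
        $get['messageid'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        // In a web handler this is where you would answer with HTTP 400.
        throw new InvalidArgumentException('messageid must be a positive integer');
    }

    // The value travels to the database as a bound integer, never as SQL text.
    $stmt = $pdo->prepare(
        'SELECT id, name, message FROM silentum_messages WHERE id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Self-contained demonstration on an in-memory SQLite database (constructed data).
function demo(): void
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE silentum_messages (id INTEGER PRIMARY KEY, name TEXT, message TEXT)');
    $pdo->exec("INSERT INTO silentum_messages VALUES (1, 'alice', 'hello')");

    // Normal request: one row.
    print_r(fetchMessageSafe($pdo, ['messageid' => '1']));

    // The advisory's payload shape is rejected before any query is built.
    try {
        fetchMessageSafe($pdo, ['messageid' => '-1 UNION ALL SELECT 0,0,0']);
    } catch (InvalidArgumentException $e) {
        echo "rejected: " . $e->getMessage() . PHP_EOL;
    }
}

demo();
```

When the backend is MySQL, set PDO::ATTR_EMULATE_PREPARES to false on the connection so the statement is prepared server-side; the integer validation still applies either way, and rejecting non-integer messageid values also removes the error-based probing the concatenated form allows.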

Exploit-DB raw data:

##Silentum Guestbook v2.0.2 (silentum_guestbook.php) Sql Injection Vuln.
#######################################################################
#######################################################################
##Author: Bgh7
##
##Turk Bilisim Gucleri Group / Ihlilal Hatti
##
##ByBgh7[a]msn.com
##
##Http://Bgh7.Blogspot.Com
##
##Bug: Sql Injection
##
##Download: http://hypersilence.net/silentum_guestbook.php
##
##We who have seen so much, we who have endured so much... Are we going to be afraid of two or three slant-eyed men?
##China thinks it has found yet another reserve to exploit, what a pity...
#######################################################################
#######################################################################
Sql: silentum_guestbook.php?messageid=-1 UNION ALL SELECT 0,0,0,0,concat(u_name,0x3a,u_password,0x3a,u_email),0,0 FROM silentum_admin/**
#######################################################################
#######################################################################
Thanks: m3rcil3sS & GhostKing & milw0rm & All Turkish Attackers

# milw0rm.com [2009-07-20]