vendor:
Simple Dynamic Web Site
by:
lahilote
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Simple Dynamic Web Site
Affected Version From: 0.1
Affected Version To: 0.1
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: xampp
2016
Simple Dynamic Web SQL Injection
The audit_list in /page.php contains a vulnerability to SQL injection. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the web application. This can be done by appending a malicious SQL query to the 'prodid' parameter in the URL. This can allow an attacker to gain access to the database and potentially execute arbitrary code.
Mitigation:
Simple method's use the php function intval.
