header-logo
Suggest Exploit
vendor:
SimplePoll
by:
Unknown
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SimplePoll
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Not available
CPE: a:simplepoll_project:simplepoll
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

SimplePoll SQL Injection Vulnerability

SimplePoll is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. The vulnerability can be exploited by using a specially crafted payload in the 'pollid' parameter.

Mitigation:

To mitigate this vulnerability, input validation and sanitization should be implemented to ensure that user-supplied input is properly handled and does not contain malicious SQL statements. Prepared statements or parameterized queries should be used to prevent SQL injection attacks. Additionally, the principle of least privilege should be followed to limit the database user's permissions.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15508/info

SimplePoll is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

http://www.example.com/SimplePoll/results.php?pollid=-1' UNION SELECT 1,2,3,4,5,6,7,8,9,0,1,2,3/*

Navigation

Suggest Exploit

Services By CQR