header-logo
Suggest Exploit
vendor:
SiteEnable
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SiteEnable
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

SiteEnable SQL Injection Vulnerability

SiteEnable is reported prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to prevent malicious input from entering the application. Additionally, database permissions should be configured to limit the scope of any potential attack.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12985/info

SiteEnable is reported prone to an SQL injection vulnerability.

This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

All versions of SiteEnable are considered vulnerable at the moment.

http://www.example.com/content.asp?do_search=0&keywords=contact&page_no=2&sortby=;SELECT%20* FROM bla bla--

Navigation

Suggest Exploit

Services By CQR

cqrsecured