vendor:
SitioOnline
by:
4lG3r14n0-t3r0
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SitioOnline
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
SitioOnline SQL Injection Vulnerability
SitioOnline is vulnerable to SQL injection attacks. Attackers can exploit this vulnerability by sending malicious SQL queries to the vulnerable web application. For example, an attacker can send a malicious SQL query to the vulnerable lista_articulos.php?id_categoria= parameter to extract sensitive information from the database. Another example is sending a malicious SQL query to the vulnerable detalle_articulo.php?id_producto= parameter to extract sensitive information from the database.
Mitigation:
Developers should always use parameterized queries to prevent SQL injection attacks. Additionally, developers should also use input validation techniques to prevent malicious input from entering the application.