SQL Injection vulnerability in Createauction

vendor:

Createauction

by:

Unknown

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Createauction

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

SQL Injection vulnerability in Createauction

The application Createauction is vulnerable to an SQL-injection vulnerability. It fails to properly sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

To mitigate this vulnerability, input validation and parameterized queries should be implemented to ensure that user-supplied data is properly sanitized before using it in SQL queries.

Source

SQL Injection vulnerability in Createauction

Mitigation:

Exploit-DB raw data: