header-logo
Suggest Exploit
vendor:
PHPenpals
by:
Unknown
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHPenpals
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

SQL Injection Vulnerability in Jevontech PHPenpals

The vulnerability allows an attacker to inject SQL code into the application's database query by manipulating the 'personalID' parameter in the URL. This can lead to unauthorized access, data disclosure, data modification, and potential exploitation of other vulnerabilities in the underlying database.

Mitigation:

To mitigate this vulnerability, the application should implement proper input validation and parameterized queries to prevent SQL injection attacks. Additionally, the use of least privilege principles and proper error handling can help minimize the impact of a successful exploit.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16109/info

Jevontech PHPenpals is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

http://www.example.com/phpenpals/profile.php?personalID=999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,password,14%20from%20admin/*

Navigation

Suggest Exploit

Services By CQR