vendor:
ToursManager PhP Script
by:
XaDoS
7.5
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: ToursManager PhP Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
ToursManager PhP Script <= Blind Sql Injection
ToursManager PhP Script is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries in the 'tourid' parameter of the 'tourview.php' script. By manipulating the 'tourid' parameter, an attacker can execute arbitrary SQL queries in the application's database. This can be exploited to manipulate SQL queries, and disclose sensitive information from the database, such as usernames and passwords.
Mitigation:
Input validation should be used to prevent SQL injection attacks. The application should use parameterized queries or stored procedures to prevent SQL injection attacks.
