Traffic Stats SQL Injection Vulnerability

vendor:
by: t0pP8uZz & xprog
CVSS: 5.5 (MEDIUM)
CWE: 89 (SQL Injection)
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
The 'referralUrl.php' script is vulnerable to SQL injection. Using a UNION-based SQL injection, an attacker can extract the admin email and password from the 'StatAdmin' table.
Mitigation:
To mitigate this vulnerability, the application should validate and sanitize all user-supplied input before it reaches a query. More importantly, building queries with parameterized queries or prepared statements keeps untrusted input from being interpreted as SQL and is the reliable defence against this class of attack.
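As an added illustration of the mitigation (not the Traffic Stats code, which the advisory does not show), the following contrasts the string-concatenation pattern that makes a UNION injection possible with a prepared-statement version; the 'url' parameter name and the 'StatReferral' table are assumptions, while 'StatAdmin' is the table named in the advisory.

```php
<?php
// Added example for this advisory, not Traffic Stats' own referralUrl.php.
// Assumed: the script looks up referral hits by a 'url' GET parameter in a
// hypothetical 'StatReferral' table; admin credentials live in 'StatAdmin'
// (the table named in the advisory).

// Vulnerable pattern: the parameter is spliced into the SQL text, so the
// query structure is under the caller's control and extra clauses such as
// a UNION SELECT against StatAdmin become part of the statement.
function referral_hits_vulnerable(PDO $db, string $url): array {
    $sql = "SELECT url, hits FROM StatReferral WHERE url = '" . $url . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed at prepare time and the value is
// bound separately, so it can only ever be compared as data.
function referral_hits_safe(PDO $db, string $url): array {
    $stmt = $db->prepare("SELECT url, hits FROM StatReferral WHERE url = :url");
    $stmt->execute([':url' => $url]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Defence in depth: reject values that are not syntactically a URL before
// they reach the database, and fail closed on anything else.
function referral_url_param(): ?string {
    $url = $_GET['url'] ?? '';
    return filter_var($url, FILTER_VALIDATE_URL) === false ? null : $url;
}

// Connection setup: disable emulated prepares so MySQL itself performs the
// parameter binding, and surface errors as exceptions instead of silence.
$db = new PDO('mysql:host=localhost;dbname=trafficstats', 'stats', 'secret', [
    PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);

$url = referral_url_param();
if ($url === null) {
    http_response_code(400);
    exit('invalid url parameter');
}
header('Content-Type: application/json');
echo json_encode(referral_hits_safe($db, $url));
```

Validation alone is not sufficient here; the prepared statement is what removes the injection, and the URL check only narrows what reaches it.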