Vendor: Traidnt Up
By: Ali Sami
CVSS: 5.5 (MEDIUM)
SQL Injection
CWE: 89
Product Name: Traidnt Up
Affected Version From: 3
Affected Version To: 3
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2015
Traidnt Up v3.0 SQL Injection
The 'getIpAddr' function in the 'classUserdb.php' file of Traidnt Up v3.0 prioritizes untrusted, client-supplied input (HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR) over the trusted value (REMOTE_ADDR) and performs no sanitization on it.
Mitigation:
Implement proper input validation and sanitization to prevent SQL Injection attacks.
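
One way to apply this mitigation, shown as an added example that is not Traidnt Up's code: the header-first pattern the description refers to, next to a version that trusts only REMOTE_ADDR, validates it, and binds it as a query parameter. The function names, the `visits` table and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for the illustration.

```php
<?php
// Added example: every name here is hypothetical, none is taken from classUserdb.php.

// Pattern the advisory describes: client-supplied headers win over REMOTE_ADDR
// and the chosen value is returned without any validation.
function getIpAddrUnsafe(array $server): string
{
    if (!empty($server['HTTP_CLIENT_IP'])) {
        return $server['HTTP_CLIENT_IP'];
    }
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $server['HTTP_X_FORWARDED_FOR'];
    }
    return $server['REMOTE_ADDR'] ?? '';
}

// Hardened form: use only the connection-level address and reject anything
// that is not a syntactically valid IPv4 or IPv6 address.
function getIpAddrSafe(array $server): ?string
{
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// Bind the address as a parameter so it is stored as data, never parsed as SQL.
function recordVisit(PDO $db, ?string $ip): void
{
    $stmt = $db->prepare('INSERT INTO visits (ip) VALUES (:ip)');
    $stmt->bindValue(':ip', $ip, $ip === null ? PDO::PARAM_NULL : PDO::PARAM_STR);
    $stmt->execute();
}

// Constructed request: the forwarded header carries a string that is not an address.
$server = [
    'HTTP_X_FORWARDED_FOR' => "not-an-address' value",
    'REMOTE_ADDR'          => '198.51.100.23',
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visits (ip TEXT)');

// Compare what each function hands to the rest of the application.
var_dump(getIpAddrUnsafe($server));
recordVisit($db, getIpAddrSafe($server));
var_dump($db->query('SELECT ip FROM visits')->fetchColumn());
```

Behind a reverse proxy, REMOTE_ADDR is the proxy's address; forwarded headers should be read only when REMOTE_ADDR belongs to a proxy you operate, and the extracted value still has to pass the same validation.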