vendor:
uGround
by:
ea$y laster
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: uGround
Affected Version From: uGround v1.0b
Affected Version To: uGround v1.0b
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
unknown
uGround v1.0b SQL Injection
The uGround v1.0b SQL Injection vulnerability allows an attacker to inject malicious SQL queries into the vulnerable application. This can be exploited to gain access to sensitive information stored in the database, such as user credentials. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'download' parameter of the 'index.html' page.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized.
