vendor:
Vizayn Urun Tanitim Sistemi
by:
ertuqrul
7.5
CVSS
HIGH
Remote SQL Injection
CWE
Product Name: Vizayn Urun Tanitim Sistemi
Affected Version From: v0.2
Affected Version To: v0.2
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Vizayn Urun Tanitim Sistemi v0.2 (tr) Remote SQL Injection Vulnerability
This vulnerability allows an attacker to perform a remote SQL injection attack on the Vizayn Urun Tanitim Sistemi v0.2 (tr) script. By manipulating the 'id' parameter in the 'default.asp' file, an attacker can retrieve sensitive information from the admin table, including the admin username, password, and email address.
Mitigation:
The vendor should release a patch to fix the SQL injection vulnerability. In the meantime, users are advised to implement input validation and parameterized queries to prevent SQL injection attacks.