vendor: Link Directory
by: Daniel Godoy
CVSS: 7,5 HIGH
SQL Injection
CWE: 89
Product Name: Link Directory
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2012
Webify Link Directory / SQL Injection
An SQL injection vulnerability exists in Webify Link Directory, which allows an attacker to execute arbitrary SQL commands on the underlying database. This can be exploited to manipulate data, disclose sensitive information, or gain access to the system. The vulnerability is due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'index.php' script when handling a 'page=browse' request. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All input data should be validated and filtered, and special characters should be escaped before being used in SQL queries.
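
One way to apply this mitigation to the 'id' parameter of a 'page=browse' request, as an added example that is not Webify Link Directory's own code: the handler accepts 'id' only as a positive integer and binds it through a PDO prepared statement instead of escaping it into the query string. The `links` table, its columns and the function names are assumptions, since the page does not show the application's schema or source.

```php
<?php
// Added example: hypothetical handler for index.php?page=browse&id=...
// Table, column and function names are assumptions; the page shows no schema.

function parse_category_id(mixed $raw): ?int
{
    // Accept only a plain positive decimal integer.
    // Arrays, signs, whitespace and any trailing text are rejected.
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function browse_links(PDO $db, array $query): array
{
    $id = parse_category_id($query['id'] ?? null);
    if ($id === null) {
        // Fail closed: malformed input never reaches the database layer.
        return ['status' => 400, 'links' => []];
    }
    // The value is bound as an integer parameter, never concatenated into SQL.
    $stmt = $db->prepare(
        'SELECT title, url FROM links WHERE category_id = :id ORDER BY title'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return ['status' => 200, 'links' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

// Constructed sample data in an in-memory SQLite database (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, category_id INTEGER, title TEXT, url TEXT)');
$db->exec("INSERT INTO links (category_id, title, url) VALUES
    (1, 'Example A', 'https://a.example/'),
    (2, 'Example B', 'https://b.example/')");

// Constructed requests: two well-formed ids, then ids that are not plain integers.
foreach (['1', '2', '1abc', ' 1', '-1', '', ['1']] as $rawId) {
    $result = browse_links($db, ['page' => 'browse', 'id' => $rawId]);
    printf("%-8s status=%d rows=%d\n",
        json_encode($rawId), $result['status'], count($result['links']));
}
```

Only the first two requests return a row; every other value is rejected with status 400 before any query is prepared.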