Vendor: Mafia Game Script
By: DeadLy DeMon
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Mafia Game Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP 3 and Backtrack4 any other OS
2010
WebScript Mafia Game Script (profile.php) <<= SQL injection Vulnerability
The vulnerability exists in the profile.php file of the WebScript Mafia Game Script, which allows an attacker to inject malicious SQL queries into the application. The vulnerability can be exploited by sending a specially crafted HTTP request to the vulnerable application. This can result in the execution of arbitrary SQL commands in the back-end database, potentially resulting in the manipulation or disclosure of application data.
Mitigation:
Validate and filter all user-supplied input before it is used in SQL queries. Additionally, use parameterized queries, so that user input is passed to the database as data rather than as part of the SQL statement.