Vendor: WSN Guestbook
By: UniquE-Key{UniquE-Cracker}
CVSS: 5.5 (MEDIUM)
SQL Injection
CWE: 89
Product Name: WSN Guestbook
Affected Version From: WSN Guest 1.21
Affected Version To: WSN Guest 1.21, WSN Guest 1.02
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
WSN Guest 1.21 Version Comments.PHP “ID” SQL Injection Exploit
The WSN Guest 1.21 version of the Comments.PHP script is vulnerable to SQL Injection. This can be exploited by an attacker to inject malicious SQL code into the 'id' parameter of the script. The exploit allows the attacker to retrieve sensitive information from the database, such as usernames and passwords of the WSN Guestbook members.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in SQL queries. Additionally, using prepared statements or parameterized queries can help prevent SQL Injection attacks.
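One way to apply both recommendations to an integer 'id' parameter, as an added example that is not WSN Guestbook's code. The table and column names, the function names, and the in-memory SQLite database (PDO with the pdo_sqlite driver, PHP 8.0 or later) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for the guestbook's comment table.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, entry_id INTEGER, body TEXT)');
    $pdo->exec("INSERT INTO comments (entry_id, body) VALUES (1, 'Nice site'), (2, 'Hello')");
    return $pdo;
}

// Validation step: accept only a string holding a positive integer.
function parse_id(mixed $raw): ?int
{
    if (!is_string($raw)) {           // rejects array input such as ?id[]=1
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Query step: the value is bound as an integer and never concatenated into SQL.
function comments_for(PDO $pdo, mixed $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null;                  // caller should answer 400 Bad Request
    }
    $stmt = $pdo->prepare('SELECT id, body FROM comments WHERE entry_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs: one valid id, one out of range, two malformed.
$pdo = demo_db();
foreach (['1', '0', '1 OR 1=1', ['1']] as $raw) {
    $rows = comments_for($pdo, $raw);
    $result = $rows === null ? 'rejected' : count($rows) . ' row(s)';
    printf("%-12s => %s\n", json_encode($raw), $result);
}
```

In a real handler the raw value would come from the request (for example `$_GET['id'] ?? null`), and a rejected value should end the request before any database call is made.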