x10 mirco blogging Sql Injection

vendor:

x10 mirco blogging

by:

ITSecTeam

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: x10 mirco blogging

Affected Version From: V121

Affected Version To: V121

Patch Exists: YES

Related CWE: CVE-2009-4010

CPE: a:x10media:x10_mirco_blogging:121

Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2009

x10 mirco blogging Sql Injection

x10 mirco blogging V121 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

Upgrade to the latest version of x10 mirco blogging V121.

Source

Exploit-DB raw data:

===========================================
x10 mirco blogging V121 SQL Injection Vulnerability
===========================================

############################################################################
#Title:             x10 mirco blogging Sql Injection                        
#Vendor:            www.x10media.com/micro-blog-script                      
#Dork:              "mirco blogging"                                        

############################################################################
#AUTHOR:            ITSecTeam                                               
#Email:             Bug@ITSecTeam.com                                       
#Website:           http://www.itsecteam.com                                
#Forum :            http://forum.ITSecTeam.com                              
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability35.htm
#Thanks:            Pejvak,M3hr@nS,r3dm0v3,am!rkh@n                         
############################################################################


Exploit :
############################################################################
http://Site.com/x10_mirco_blogging_v121/all_blogs.php?user=SqlInjection Code
############################################################################