Vendor: Xoops Module MyAds
By: ajann
CVSS: 7.5 (HIGH)
CWE: BLIND SQL Injection
Product Name: Xoops Module MyAds
Affected Version From: v2.04jp and below
Affected Version To: v2.04jp
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Xoops Module MyAds Bug Fix <= v2.04jp (index.php cid) BLIND SQL Injection Exploit
Xoops Module MyAds Bug Fix <= v2.04jp is vulnerable to blind SQL injection through the 'cid' parameter of 'index.php'. By injecting SQL through this parameter, an attacker can execute arbitrary SQL queries on the database, bypass authentication, and gain unauthorized access to the database.
Mitigation:
To mitigate this vulnerability, it is recommended to update to a version of Xoops Module MyAds that is not affected by this bug. It is also advised to sanitize user input and implement proper input validation to prevent SQL injection attacks.
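One way to apply the input validation recommended above to an integer parameter such as 'cid', shown as an added example that is not MyAds or XOOPS code. The function names, the `ads` table and the sample values are assumptions, and an in-memory SQLite database stands in for the site's database.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: category_id_from_request(), ads_in_category()
// and the "ads" table are assumptions for illustration, not MyAds code.

/** Return cid as a positive integer, or null if it is anything else. */
function category_id_from_request(array $query): ?int
{
    $raw = $query['cid'] ?? null;
    if (!is_string($raw)) {
        return null;                      // missing, or an array such as cid[]=1
    }
    // Strict integer check: trailing SQL, quotes or operators make this fail.
    $cid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $cid === false ? null : $cid;
}

/** Look up ads by category with the value bound as a parameter, never concatenated. */
function ads_in_category(PDO $db, int $cid): array
{
    $stmt = $db->prepare('SELECT title FROM ads WHERE cid = :cid');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads (cid INTEGER, title TEXT)');
$db->exec("INSERT INTO ads VALUES (1, 'Bicycle'), (2, 'Sofa')");

// Constructed requests: one valid id and several values that must be rejected.
foreach (['1', '2 AND 1=1', '1;', '-3', ''] as $raw) {
    $cid = category_id_from_request(['cid' => $raw]);
    if ($cid === null) {
        printf("%-12s -> rejected (would be HTTP 400)\n", var_export($raw, true));
        continue;
    }
    printf("%-12s -> %s\n", var_export($raw, true), implode(', ', ads_in_category($db, $cid)));
}
```

Validation and parameter binding are applied together here: the integer check rejects malformed requests early, and the bound parameter keeps the query safe even if a future code path skips the check.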