Cybertrion Systems

[3/5] Efestech E-Kontör “id” SQL Injection

March 25th, 2008 by

RMx has reported a vulnerability in Efestech E-Kontör, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
RMx

Original post by sonia
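The following is an added example, not code from Efestech E-Kontör or from the advisory. It shows the flaw class described above next to one way to apply the stated solution: validate "id" as an integer and pass it as a bound parameter. The SQLite database, the `orders` table, its rows and the function names are assumptions made for illustration, since the page shows neither the application's source nor its schema.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", "50 units"), (2, "bob", "100 units"), (3, "carol", "20 units")],
    )
    return db


def lookup_unsafe(db, raw_id):
    """Flawed pattern: the raw "id" value is concatenated into the SQL text."""
    query = "SELECT id, owner, item FROM orders WHERE id = " + raw_id
    return db.execute(query).fetchall()


def lookup_safe(db, raw_id):
    """Hardened pattern: strict validation, then a bound parameter."""
    # Accept only a short run of ASCII digits; anything else is rejected outright.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a positive integer")
    # The value travels as data, so it can never change the shape of the query.
    return db.execute(
        "SELECT id, owner, item FROM orders WHERE id = ?", (int(raw_id),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "2 OR 1=1"  # constructed input that alters the WHERE clause
    print("unsafe, id=2:      ", lookup_unsafe(db, "2"))
    print("unsafe, crafted id:", lookup_unsafe(db, crafted))  # every row comes back
    print("safe, id=2:        ", lookup_safe(db, "2"))
    try:
        lookup_safe(db, crafted)
    except ValueError as exc:
        print("safe, crafted id:   rejected:", exc)
```

Validation alone is not the fix: the bound parameter is what keeps the value out of the SQL text, and the integer check adds an early, loggable rejection point.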
