Wikidforum 2.10 – Advanced Search Multiple Field SQL Injections

Exploit Database
53 阅读

作者： Stefan Schurtz

日期： 2012-03-12
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36946/

source: https://www.securityfocus.com/bid/52425/info

Wikidforum is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Wikidforum 2.10 is vulnerable; other versions may also be affected. 


Search-Field -> Advanced Search -> POST-Parameter 'select_sort' -> [sql-injection]
Search-Field -> Advanced Search -> POST-Parameter 'opt_search_select' -> [sql-injection]

last Exploits
Wikidforum 2.10 – Advanced Search Multiple Field SQL Injections的更多信息

osTicket 1.12 – Persistent Cross-Site Scripting：
LetoDms 1.4.x – ‘lang’ Local File Inclusion：
JAMF Casper Suite MDM – Cross-Site Request Forgery：
OpenEMR 5.0.1.3 – Remote Code Execution (Authenticated)：
Cisco Data Center Network Manager 11.2 – Remote Code Execution：
timelive time and expense tracking 4.1.1 – Multiple Vulnerabilities：
File Lite 3.3/3.5 PRO iOS – Multiple Vulnerabilities：
Plogger – Multiple Input Validation Vulnerabilities：