phpkb Knowledge Base ID SQL Injection Vulnerability - Security


Editor Login \| Register		Ekle

> World > Security

phpkb Knowledge Base ID SQL Injection Vulnerability - Security - World -

CWRedLight

(Date : 14.04.2008 20:03:56)

phpkb Knowledge Base ID SQL Injection Vulnerability

Secunia Advisory:	SA29791
Release Date:	2008-04-14

Critical:	Moderately critical
Impact:	Manipulation of data
Where:	From remote
Solution Status:	Unpatched

Software:	phpkb Knowledge Base 1.x phpkb Knowledge Base 2.x

Description:
parad0x has reported a vulnerability in phpkb Knowledge Base, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "ID" parameter in comment.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions 1.5 and 2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
parad0x

Original Advisory:
http://milw0rm.com/exploits/5428

Derecelendir

Kaynak

http://secunia.com/advisories/29791/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS