KnowledgeQuest SQL Injection and Security Bypass - Exabytes Security Portal

Categories

Applications (255)
Blogs (7)
Content Management (167)
Customer Relationship (4)
Discussion Boards (37)
E-Commerce (15)
General Purpose Directories (2)
Image Galleries (21)
Mailing Lists (1)
Tips (3)
Vulnerabilities (366)
Access Bypass (55)
Cross Site Scripting (138)
Denial Of Service (2)
File Inclusion (54)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (17)
Session Hijacking (2)
SQL Injection (140)

KnowledgeQuest SQL Injection and Security Bypass

Published by TL Guan April 18th, 2008 in Access Bypass and SQL Injection.

Application: KnowledgeQuest
Affected Version: 2.6 and other versions.
Vendor’s URL: KnowledgeQuest
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized. Restrict access to the admincheck.php

Search

Subscribe

Entries RSS

Latest