Archive for the 'SQL Injection' Category

Joomla Jom Comment Component Unspecified SQL Injection

Application: Joomla Jom Comment Component
Affected Version: version 2.0 and other versions.
Vendor’s URL: Joomla Jom Comment Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.2.

WordPress WP-Download Plugin SQL Injection

Application: WordPress WP-Download Plugin
Affected Version: 1.2 and other versions.
Vendor’s URL: WordPress WP-Download Plugin
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.1.

AuraCMS SQL Injection

Application: AuraCMS
Affected Version: 2.2.1 and other versions.
Vendor’s URL: AuraCMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

PHP Photo Gallery SQL Injection

Application: PHP Photo Gallery
Affected Version:
Vendor’s URL: PHP Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

KnowledgeQuest SQL Injection and Security Bypass

Application: KnowledgeQuest
Affected Version: 2.6 and other versions.
Vendor’s URL: KnowledgeQuest
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized. Restrict access to admincheck.php.

LiveCart SQL Injection Vulnerability

Application: LiveCart
Affected Version: 1.1.1 trial version and other versions.
Vendor’s URL: LiveCart
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

KwsPHP ConcoursPhoto Module SQL Injection

Application: KwsPHP ConcoursPhoto Module
Affected Version: 2.0 and prior versions.
Vendor’s URL: KwsPHP ConcoursPhoto Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.1.

Coppermine Photo Gallery SQL Injection

Application: Coppermine Photo Gallery
Affected Version: 1.4.16 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.4.17.

phpkb Knowledge Base SQL Injection

Application: phpkb Knowledge Base
Affected Version: 1.5 and 2.0 and other versions.
Vendor’s URL: phpkb Knowledge Base
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

1024 CMS SQL Injection and File Inclusion

Application: 1024 CMS
Affected Version: 1.4.1 and other versions.
Vendor’s URL: 1024 CMS
Bug Type: SQL Injection, File Inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized and verified.

cpCommerce Multiple Vulnerabilities

Application: cpCommerce
Affected Version: 1.1.0 and other versions.
Vendor’s URL: cpCommerce
Bug Type: Cross-Site Scripting and SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized and verified.

Coppermine Photo Gallery SQL Injection

Application: Coppermine Photo Gallery
Affected Version: 1.4.17 and other versions.
Vendor’s URL: Coppermine Photo Gallery
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 1.4.18.

RunCMS Photo Module SQL Injection

Application: RunCMS Photo Module
Affected Version: 3.02 and other versions.
Vendor’s URL: RunCMS Photo Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla rekry!Joom Component SQL Injection

Application: Joomla rekry!Joom Component
Affected Version: 1.0.0 and other versions.
Vendor’s URL: Joomla rekry!Joom Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla Alberghi Component “id” SQL Injection

Application: Joomla Alberghi Component
Affected Version: 2.1.3 SR and other versions.
Vendor’s URL: Joomla Alberghi Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla Joovideo Component “id” SQL Injection

Application: Joomla Joovideo Component
Affected Version: 1.2.2 PRO and other versions.
Vendor’s URL: Joomla Joovideo Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla Restaurante Component “id” SQL Injection

Application: Joomla Restaurante Component
Affected Version: 1.0 and other versions.
Vendor’s URL: Joomla Restaurante Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Joomla Acajoom PRO Component SQL Injection

Application: Joomla Acajoom PRO Component
Affected Version: 1.2.5 and 1.1.5 and other versions.
Vendor’s URL: Joomla Acajoom PRO Component
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

phpBP “id” SQL Injection

Application: phpBP
Affected Version: 2 RC3 (2.204) FIX4 and other versions.
Vendor’s URL: phpBP
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Apply fix: phpBP 2 RC3 2.204 FIX5.

XOOPS Tutorials Module “tid” SQL Injection

Application: XOOPS Tutorials Module
Affected Version: 2.1b and other versions.
Vendor’s URL: XOOPS Tutorials Module
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.