eFront 3.6.10 – ‘professor.php’ Script Multiple SQL Injections

Exploit Database
120 阅读

作者： Vulnerability Research Laboratory

日期： 2011-10-28
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36259/

source: https://www.securityfocus.com/bid/50419/info

eFront is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

eFront 3.6.10 is vulnerable; other versions may also be affected.

http://www.example.com/enterprise/www/professor.php?ctg=survey&action=preview&surveys_ID=1+and%201=0--

http://www.example.com/enterprise/www/professor.php?ctg=survey&action=preview&surveys_ID=1+and%201=1--

last Exploits
eFront 3.6.10 – ‘professor.php’ Script Multiple SQL Injections的更多信息

stoneware webnetwork6 – Multiple Vulnerabilities：
DotNetNuke 9.5 – File Upload Restrictions Bypass：
CMS Faethon 1.3.4 – ‘articles.php’ Multiple SQL Injections：
Artworks Gallery 1.0 – Arbitrary File Upload RCE (Authenticated) via Add Artwork：
Bus Booking Script 1.0 – ‘txtname’ SQL Injection：
Humax HG100R 2.0.6 – Backup File Download：
iGaming CMS – Multiple SQL Injections：
Marinet CMS – ‘room2.php?roomid’ SQL Injection：