holisticinfosec.org - HIO-2008-0810 Papoo CMS SQLi

Home
Blog
ISSA JRN's toolsmith
Best Practices
Links
Research
How To
Standards
Publications & Events
Simplicity
Philosophy
GNU GPL
In The News
F-Secure World Map
News
Security News Feeds
Open SRC Definition
Contact
Search

"If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked - Richard Clarke"

RSS

HIO-2008-0810 Papoo CMS SQLi

Papoo CMS is a popular German "accessible" CMS.

All versions of Papoo exhibit a SQL injection vulnerability,
SQLi occurs where the "suchanzahl" variable doesn't properly sanitize input submitted to the index.php script.
This may allow an attacker to inject or manipulate SQL queries in the backend database.

References:

CVE-2008-3724

BID: 30752

OSVDB: 47554

SA: 31520

XF: 44516

Vendor Solution: Patch (all versions)

< Prev		Next >

[ Back ]