Magic List Pro - 'view_archive.cfm?ListID' SQL Injection

EDB-ID:

26763


Author:

r0t

Type:

webapps


Platform:

CFM

Date:

2005-12-08


source: https://www.securityfocus.com/bid/15774/info

CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.

These vulnerabilities allow an attacker to inject malicious SQL code into database queries, and conduct cross-site scripting attacks.

Magic Book Professional version 2.0 and prior, Magic List Professional version 2.5 and prior, and Magic Forum Personal versions 2.5 and prior are vulnerable.

Other versions of these applications may also be affected. 

http://www.example.com/view_archive.cfm?ListID=[SQL]