EZDatabase 2.1.2 - 'index.php?db_id' SQL Injection

EDB-ID:

26854




Platform:

PHP

Date:

2005-12-16


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/15908/info
 
ezDatabase is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
 
ezDatabase is prone to an SQL injection vulnerability and a local file include vulnerability. Successful exploitation of these issues may result in the disclosure of sensitive information, a compromise of the database or the execution of arbitrary local server-side script code. This may facilitate a compromise of the underlying system; other attacks are also possible.
 
This issue affects version 2.1.2; other versions may also be affected.

http://www.example.com/index.php?p=getcat&db_id=[SQL]