- Description
- SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- Weakness source
- nvd@nist.gov
- CWE
- CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, 'SQL Injection')
- Hype score
- Not currently trending
- Comment
- -
- Impact
- Regarding Access Complexity: http://secunia.com/advisories/31292: "Input passed to the "autid" parameter in authordetail.php and to the "Cat" parameter in categorydetail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled." The magic_quotes_gpc precondition is the reason the CVSS vector rates Access Complexity as Medium (AC:M) rather than Low: the payload has to break out of a quoted string literal, which a PHP installation with magic_quotes_gpc enabled would backslash-escape.
- Solution
- -
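The pattern the advisory describes, with the mitigation it names and the real fix side by side, as an added example that is not Article Friendly's code. It runs on an in-memory SQLite database with a constructed `category` table (table and column names are assumptions, not the real schema). Because SQLite does not honour backslash escapes, the magic_quotes_gpc stand-in doubles quote characters instead; the effect on a quote-based payload is the same. The integer-context function goes beyond the advisory to show why escaping alone is not a fix when the value lands outside quotes:

```python
import sqlite3

# Constructed sample data standing in for the categories categorydetail.php reads.
SAMPLE_CATEGORIES = [
    (1, "news", "Public news"),
    (2, "internal", "Staff only"),
    (3, "drafts", "Unpublished"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE category (id INTEGER PRIMARY KEY, name TEXT, descr TEXT)")
    conn.executemany("INSERT INTO category VALUES (?, ?, ?)", SAMPLE_CATEGORIES)
    conn.commit()
    return conn


def category_vulnerable(conn, cat):
    # Vulnerable pattern: the request parameter is pasted into the SQL text.
    sql = "SELECT id, name FROM category WHERE name = '" + cat + "'"
    return conn.execute(sql).fetchall()


def escape_quotes(value):
    # Stand-in for magic_quotes_gpc: neutralise the quote character so the
    # attacker cannot close the string literal. magic_quotes used backslashes,
    # which MySQL honours and SQLite does not, so quotes are doubled here.
    return value.replace("'", "''")


def category_escaped(conn, cat):
    # What the advisory's "magic_quotes_gpc enabled" case looks like.
    return category_vulnerable(conn, escape_quotes(cat))


def category_by_id_escaped(conn, cat):
    # Escaping does nothing when the value is used unquoted: an integer
    # payload such as "1 OR 1=1" contains no quote character to escape.
    sql = "SELECT id, name FROM category WHERE id = " + escape_quotes(cat)
    return conn.execute(sql).fetchall()


def category_safe(conn, cat):
    # Parameterised query: the value is bound by the driver, never parsed as SQL.
    return conn.execute("SELECT id, name FROM category WHERE name = ?", (cat,)).fetchall()


def category_by_id_safe(conn, cat):
    # For numeric parameters, validate the type as well as binding the value.
    if not cat.isdigit():
        return []
    return conn.execute("SELECT id, name FROM category WHERE id = ?", (int(cat),)).fetchall()


def demo():
    # Returns the row count each variant yields for a classic payload.
    conn = make_db()
    quote_payload = "' OR '1'='1"
    int_payload = "1 OR 1=1"
    return {
        "vulnerable": len(category_vulnerable(conn, quote_payload)),   # 3: all rows leak
        "escaped": len(category_escaped(conn, quote_payload)),         # 0: payload treated as a name
        "escaped_int": len(category_by_id_escaped(conn, int_payload)), # 3: escaping did not help
        "safe": len(category_safe(conn, quote_payload)),               # 0
        "safe_int": len(category_by_id_safe(conn, int_payload)),       # 0: rejected by validation
        "legit": len(category_safe(conn, "news")),                     # 1: normal lookup still works
    }


if __name__ == "__main__":
    print(demo())
```

The escaped variant shows why the advisory treats magic_quotes_gpc as a precondition rather than a fix: it blocks the quote-breakout payload in a string context only, and magic_quotes was removed from PHP in 5.4, so the parameterised form is the only durable remediation.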
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:articlefriendly:article_friendly:*:*:standard:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB08BE69-564F-4448-9090-0077B577FD22"
}
],
"operator": "OR"
}
]
}
]