- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 31848
- Проверка EDB
-
- Пройдено
- Автор
- UNOHOPE
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-6618
- Дата публикации
- 2008-05-26
Код:
source: https://www.securityfocus.com/bid/29372/info
ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection vulnerabilities and an arbitrary-file-upload vulnerability.
Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.
ClassSystem 2 and 2.3 are affected; other versions may also be vulnerable.
http://www.example.com/class/MessageReply.php?teacher_id=1&message_id=-99'+union+select+teacher_account,teacher_password,3,4+from+teacher/*- Источник
- www.exploit-db.com
