|
|
Info |
Last Modified |
| 6 months ago |
|
|
|
|
Description |
realGuestbook contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'save_entry.php' script not properly sanitizing user-supplied input to the 'name', 'email', 'homepage' and 'text' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure,
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Rumored / Private
OSVDB:
Web Related
|
|
Technical |
This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).
|
|
Solution |
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
|
|
Products |
|
realGuestbook
 |
V5 |
|
|
|
|
Credit |
- Trew - trew.revolution
 gmail.com - http://trew.icenetx.net
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
