[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

www.eVuln.com : "time" SQL Injection vulnerability in WSN Guest

www.eVuln.com advisory:
"time" SQL Injection vulnerability in WSN Guest


eVuln ID: EV0175
Software: WSN Guest
Vendor: n/a
Version: 1.24
Critical Level: medium
Type: SQL Injection
Status: Unpatched. No reply from developer(s)
PoC: Not available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )


SQL Injection in "time" parameter
It is possible to inject SQL expression using "time" parameter in the "memberlist.php" script.
Parameter "time" is used in SQL query without proper sanitation.

PoC code is available at:

Not available

Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/code-analysis.html - website source code analysis