Forum Thread: CommodityRentals Books/eBooks Rentals Script "cat_id" SQL Injection

This thread has been marked as locked.
Secunia Official 11th Feb, 2010 18:33
Location: Copenhagen, DK
Don Tukulesto has reported a vulnerability in Books/eBooks Rentals Script, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cat_id" parameter in index.php (when "view" is set to "gamecatalog") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
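
The handling this kind of flaw calls for, as an added example that is not part of the original post and is not the vendor's code: `cat_id` is accepted only as a positive integer and reaches the query through a bound placeholder. The `games` table, its columns, and the helper names are hypothetical; only `view`, `gamecatalog` and `cat_id` come from the advisory.

```php
<?php
declare(strict_types=1);

// Added illustration. Schema and function names are assumptions; the real
// application's query is not shown in the advisory.

/** Accept cat_id only as a positive decimal integer; anything else is null. */
function parseCatId(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing value, or an array such as cat_id[]=...
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Catalogue lookup for view=gamecatalog using a prepared statement. */
function listCategory(PDO $db, array $query): array
{
    if (($query['view'] ?? '') !== 'gamecatalog') {
        return [];
    }
    $catId = parseCatId($query['cat_id'] ?? null);
    if ($catId === null) {
        throw new InvalidArgumentException('cat_id must be a positive integer');
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, title FROM games WHERE cat_id = :cat_id');
    $stmt->bindValue(':cat_id', $catId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE games (id INTEGER PRIMARY KEY, cat_id INTEGER, title TEXT)');
$db->exec("INSERT INTO games (cat_id, title) VALUES (1, 'Book A'), (2, 'Book B')");

// Constructed inputs: two valid ids and two malformed values that must be rejected.
foreach (['1', '2', '1 OR 1=1', "1'"] as $raw) {
    try {
        $rows = listCategory($db, ['view' => 'gamecatalog', 'cat_id' => $raw]);
        printf("%-10s -> %d row(s)\n", $raw, count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%-10s -> rejected: %s\n", $raw, $e->getMessage());
    }
}
```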
