Lore does not adequately filter user-submitted URIs, and remote attackers can exploit this vulnerability to carry out SQL injection attacks and obtain sensitive information.
The problem is that the 'article.php' script does not sufficiently filter the user-submitted 'id' parameter. An attacker who submits a malicious SQL query as the parameter data can change the original SQL logic, obtain sensitive information, or possibly manipulate the database.
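The flaw described above and one way to close it, as an added example that is not Lore's own code: the table layout and the function names `buildQueryUnsafe` and `fetchArticleTitle` are assumptions, and the data is constructed. It uses PHP's PDO with an in-memory SQLite database so it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table standing in for the article store (assumed schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (id, title) VALUES (1, 'Installing Lore'), (2, 'Release notes')");

// Vulnerable pattern: the raw 'id' parameter becomes part of the SQL text,
// so anything appended to the number is parsed as SQL. Shown as a string only.
function buildQueryUnsafe(string $rawId): string
{
    return "SELECT title FROM articles WHERE id = $rawId";
}

// Hardened pattern: accept only a positive decimal integer, then bind it
// as a typed value so it can never alter the statement's structure.
function fetchArticleTitle(PDO $db, string $rawId): ?string
{
    if (preg_match('/\A[1-9][0-9]{0,8}\z/', $rawId) !== 1) {
        return null; // reject outright instead of trying to "clean" the value
    }
    $stmt = $db->prepare('SELECT title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : (string) $title;
}

// '1[sql]' is the placeholder string from this page's test method.
foreach (['1', '2', '1[sql]', '', '99'] as $raw) {
    $title = fetchArticleTitle($db, $raw);
    printf(
        "id=%-10s unsafe SQL: %-48s hardened: %s\n",
        var_export($raw, true),
        buildQueryUnsafe($raw),
        $title ?? 'rejected or not found'
    );
}
```

The anchored pattern with `\A` and `\z` rejects trailing newlines and whitespace that a looser check such as `is_numeric()` would let through.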
Bugtraq ID: 15665
Cncan ID: cncan-2005120207
Vulnerability report date: 2005-12-01
Vulnerability cause
Input validation error
Affected systems
Lore 1.5.4
Impact
Remote attackers can exploit this vulnerability to carry out SQL injection attacks and obtain sensitive information.
Conditions required for the attack
An attacker must be able to access Lore.
Test method
http://www.example.com/article.php?id=1[sql]
Vendor solution
There are no solutions available at this time; please follow the links below: