13 lines
No EOL
784 B
Text
13 lines
No EOL
784 B
Text
source: https://www.securityfocus.com/bid/53708/info
|
|
|
|
Nilehoster Topics Viewer is prone to multiple SQL-injection vulnerabilities and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
|
|
|
|
An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. By using directory-traversal strings to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.
|
|
|
|
Topics Viewer 2.3 is vulnerable; other versions may also be affected.
|
|
|
|
http://www.example.com//search.php?q=[SQLi]
|
|
|
|
http://www.example.com//lost.php/ [SQLi]
|
|
|
|
http://www.example.com/footer.php? [LFI] |