PHP.Labs.Top.Auction.SQL.Injection
Description
PHP Labs' Top Auction has a SQL injection vulnerability. A remote attacker could execute arbitrary SQL commands against the back-end database by sending a specially crafted HTTP request to the "viewcat.php" script that injects SQL statements into the "category" or "type" parameter.
Affected Products
PHP Labs Top Auction
PHP Labs Survey Wizard
Impact
SQL injection.
Recommended Actions
We are currently not aware of any officially supplied fix for this issue.
http://www.phplabs.com/
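With no vendor fix available, requests to "viewcat.php" can be screened in web-server access logs. The following is an added example, not code from the vendor or from this advisory; it assumes legitimate "category" and "type" values are short alphanumeric tokens, and the log lines and the /auction/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate values are short alphanumeric tokens (not stated in the advisory).
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")
WATCHED_PARAMS = ("category", "type")  # parameters named in the advisory
# Request line of an access-log entry; ".+?" tolerates raw spaces in the URL.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, hypothetical /auction/ path).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2005:13:55:36 +0000] "GET /auction/viewcat.php?category=3&type=1 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [10/Oct/2005:13:56:01 +0000] "GET /auction/viewcat.php?category=3%27&type=1 HTTP/1.1" 200 312',
    '198.51.100.23 - - [10/Oct/2005:13:56:09 +0000] "GET /auction/viewcat.php?category=3&type=1+OR+1%3D1 HTTP/1.1" 200 9911',
    '198.51.100.23 - - [10/Oct/2005:13:56:15 +0000] "GET /auction/index.php?category=3%27 HTTP/1.1" 200 740',
]

def suspicious_params(url):
    """Return the watched viewcat.php parameters whose decoded value fails the allow-list."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/viewcat.php"):
        return []
    # parse_qs percent-decodes values, so encoded quotes and spaces are seen in clear.
    query = parse_qs(parts.query, keep_blank_values=True)
    flagged = []
    for name in WATCHED_PARAMS:
        if any(not SAFE_VALUE.fullmatch(v) for v in query.get(name, [])):
            flagged.append(name)
    return flagged

def scan_log(lines):
    """Return (line number, client address, flagged parameters) for each suspicious request."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        flagged = suspicious_params(match.group(1))
        if flagged:
            findings.append((lineno, line.split()[0], flagged))
    return findings

if __name__ == "__main__":
    for lineno, client, params in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent a non-allow-listed value in {', '.join(params)}")
```

POST bodies are not recorded in access logs, so this check covers query-string parameters only.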
Coverage
IPS (Regular DB)
IPS (Extended DB)