Users of WSN Links please be advised of a SQL Injection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
WSN-SA-10/31/2010: 'WSN Links' SQL Injection Vulnerability
DESCRIPTION
---------------------------------------
A vulnerability exists in the search.php code that allows for SQL injection of various parameters. By assembling
portions of SQL code between the affected parameters, successful SQL injection into the software can occur. In the
testing done, various 'UNION SELECT' SQL injections can occur. Read more at www.criticalwatch.com
See this Amp at http://amplify.com/u/ej3w
No comments:
Post a Comment