Wednesday, December 1, 2010

Easy Banner Free: SQL Injection Vulnerability

Users of Easy Banner Free please be advised of a SQL injection vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
EV0147: [EV0147] SQL injection Auth Bypass in Easy Banner Free
Software: Easy Banner Free
Type: SQL injection
--------Description--------
Vulnerability exists in member.php script.
User-defined parameters username and password are not properly sanitized against SQL injections.
This can be used to bypass authentication or execute arbitrary SQL query.
Read more at www.criticalwatch.com
 
See this Amp at http://bit.ly/fmnPLn

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)