Wapkul Beta 3 SQL Injection Vulnerability

2013.10.01
Credit: Sarahma Security
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

##################### ______ __ ______ / \ / | / \ /000000 | ______ ______ ______ 00 |____ _____ ____ ______ /000000 | ______ _______ 00 \__00/ / \ / \ / \ 00 \ / \/ \ / \ 00 \__00/ / \ / | 00 \ 000000 |/000000 |000000 |0000000 |000000 0000 | 000000 | 00 \ /000000 |/0000000/ 000000 | / 00 |00 | 00/ / 00 |00 | 00 |00 | 00 | 00 | / 00 | 000000 |00 00 |00 | / \__00 |/0000000 |00 | /0000000 |00 | 00 |00 | 00 | 00 |/0000000 | / \__00 |00000000/ 00 \_____ 00 00/ 00 00 |00 | 00 00 |00 | 00 |00 | 00 | 00 |00 00 | 00 00/ 00 |00 | 000000/ 0000000/ 00/ 0000000/ 00/ 00/ 00/ 00/ 00/ 0000000/ 000000/ 0000000/ 0000000/ ##################### Product: Wapkul Beta 3 SQL Injection Vulnerability Vendor: Wapkul Vendor Notification: Sept 3, 2013 Public Disclosure: Sept 10, 2013 Vulnerability Type: Sql Injection Risk Level: High Discovered and Provided By: Sarahma Security Website : wwww.sarahma.co.id Email : research@sarahma.co.id ======================== SQL Injection ======================== Found on Index.php at p parameter http://localhost/wapkul/index.php?p=1{SQL_HERE} ======================== Solution : ======================== No Update Until This Advisory published ======================== Timeline: ======================== 2013-09-03 Provided details vulnerability to vendor 2013-09-07 No Response From vendor 2013-09-08 Advisory published


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top