PHP Planner 0.4 SQL Injection

2016.07.20
Credit: N_A
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

PHP Planner SQL Injection Vulnerability, Discovered by N_A, N_A[at]tutanota.com
=================================================================================

Description
===========

This is a basic PHP Calendar with lots of features and possibilities. Uses MySQL as backend and is fitted with an account based system.

https://sourceforge.net/projects/phpplanner

Vulnerability
=============

An SQL Injection vulnerability is present within the register.php file of the package which results in arbitrary command execution.

register.php, snippet of vulnerable code:
=========================================

if (isset($_POST['Submit'], $_POST['email'], $_POST['username'], $_POST['password'], $_POST['password2'], $_POST['name']) && IsEmailValid($_POST['email']))
{
    // POST values are concatenated directly into the query string
    $SQL = mysql_query("SELECT * FROM cal_users WHERE username = '". $_POST['username'] ."' OR password = '". MD5($_POST['password']) ."' OR email = '". $_POST['email'] ."'");
    // ... (remainder of the block is not shown in the advisory)
}

As we can see, the 'username', 'password' and 'email' variables are passed unchecked into the SQL query via the POST method.

email ==> N_A[at]tutanota.com
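The same duplicate-account check written with bound parameters, as an added example that is not part of the original advisory or of PHP Planner. The accountExists() helper, the three-column cal_users layout and the sample rows are assumptions made for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not PHP Planner code. The table layout is assumed from the
// column names in the advisory's query; in-memory SQLite stands in for MySQL.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cal_users (username TEXT, password TEXT, email TEXT)');

// Constructed sample row.
$pdo->prepare('INSERT INTO cal_users VALUES (?, ?, ?)')
    ->execute(['alice', md5('correct horse'), 'alice@example.test']);

/**
 * Hypothetical helper: the lookup from register.php, rewritten so that
 * user input is bound as parameters and never concatenated into the SQL.
 */
function accountExists(PDO $pdo, string $username, string $password, string $email): bool
{
    $stmt = $pdo->prepare(
        'SELECT 1 FROM cal_users
          WHERE username = :username OR password = :password OR email = :email
          LIMIT 1'
    );
    $stmt->execute([
        ':username' => $username,
        ':password' => md5($password), // MD5 kept only to mirror the original query
        ':email'    => $email,
    ]);
    return $stmt->fetchColumn() !== false;
}

// Constructed inputs: a duplicate, a new user, and values containing a single
// quote, which would have changed the query's structure when concatenated.
$cases = [
    'existing user'     => ['alice', 'x', 'new@example.test'],
    'new user'          => ['bob', 'y', 'bob@example.test'],
    'quote in username' => ["o'brien", 'z', 'carol@example.test'],
    'quote in email'    => ['dave', 'w', "d'arcy@example.test"],
];
foreach ($cases as $label => [$u, $p, $e]) {
    $state = accountExists($pdo, $u, $p, $e) ? 'exists' : 'free';
    printf("%-18s => %s\n", $label, $state);
}
```

Against MySQL only the DSN changes; setting PDO::ATTR_EMULATE_PREPARES to false there makes the driver use server-side prepared statements. The mysql_query() function used in the vulnerable snippet belongs to the old mysql extension, which was removed in PHP 7.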

