SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/146071/Professional-Local-Directory-Script-1.0-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/43870/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2018-01-25 17:29
Updated : 2023-12-10 12:30
NVD link : CVE-2018-5973
Mitre link : CVE-2018-5973
CVE.ORG link : CVE-2018-5973
JSON object : View
Products Affected
eihitech
- professional_local_directory_script
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')