SQL Injection Vulnerability in Maian Events

Summary

Vulnerability
SQL Injection Vulnerability in Maian Events
Discovered
2006.03.16
Last Update
2006.04.08 Solution added
ID
EV0102
CVE
CVE-2006-1341
Risk Level
medium
Type
SQL Injection
Status
Unpatched. Vendor notyfied.
Vendor
n/a
Vulnerable Software
Maian Events (http://www.maianscriptworld.co.uk/)
Version
1.0
PoC/Exploit
Available
Solution
Available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in Maian Events (http://www.maianscriptworld.co.uk/) script.

Vulnerable script: events.php

Parameters month, year are not properly sanitized before being used in SQL queries. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

PoC/Exploit

SQL Injection Example:

http://[host]/menu.php?month=4&year=2006%20or%201/*

Solution.

To fix this problem install or upgrade to version 1.1

http://www.maianscriptworld.co.uk/scripts_events.html (http://www.maianscriptworld.co.uk/scripts_events.html)