time SQL Injection vulnerability in WSN Guest
- time SQL Injection vulnerability in WSN Guest
- Last Update
- n/a n/a
- Risk Level
- SQL Injection
- Unpatched. Vendor notified. No reply from developer(s).
- Vulnerable Software
- WSN Guest (http://www.webmastersite.net/?section=wsnguest)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
SQL Injection found in WSN Guest (http://www.webmastersite.net/?section=wsnguest) script.
- SQL Injection in "time" parameter
- It is possible to inject SQL expression using time parameter in the memberlist.php script.
Parameter time is used in SQL query without proper sanitation.
SQL Injection Example
SQL Injection PoC:
SQL expression injection is possible after ORDER BY.
Solution for "time SQL Injection vulnerability in WSN Guest" is not available. Check vendor's website for updates.
Order Source Code Analysis made by eVuln team
Protect a website or web application by source code audit of your site done by Aliaksandr Hartsuyeu.The work will be done by experts in web security.