SQL Injection Vulnerability in Teca Diary PE
Summary
- Vulnerability
- SQL Injection Vulnerability in Teca Diary PE
- Discovered
- 2006.02.11
- Last Update
- 2006.02.21 Exploitation code published
- ID
- EV0075
- CVE
- CVE-2006-0729
- Risk Level
- medium
- Type
- SQL Injection
- Status
- Unpatched. No reply from developer(s)
- Vendor
- n/a
- Vulnerable Software
- Teca Diary PE (http://www.teca-scripts.com)
- Version
- 1.0
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
SQL Injection found in Teca Diary PE (http://www.teca-scripts.com) script.
Vulnerable script: functions.php
Variables $yy $mm $dd are not properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.
PoC/Exploit
SQL Injection Example:
http://host/tecadiary/index.php?yy=2006&mm=02&dd=111'%20union%20select%20111,222,333/*
Solution.
Solution for "SQL Injection Vulnerability in Teca Diary PE" is not available. Check vendor's website for updates.