Fishing Reservation System part of multi vulnerability

0

Vulnerability Laboratory reported today multi vulnerability in the Fishing reservation System.

The Fishing Reservation System is a system, then help people and business to find the best offer for fishing industries.

Vulnerability Laboratory says, then this Fishing Reservation system is part of multi vulnerability with SQL Injection method.

Multiple remote SQL-injection web vulnerabilities has been discovered in the official Fishing Reservation System application.
The vulnerability allows remote attackers to inject or execute own SQL
commands to compromise the dbms or file system of the application.

The remote SQL injection web vulnerabilities are located in the PID, type and id parameters in the admin.php control panel file.

Guest accounts or low privileged user accounts are able to inject and execute own malicious SQL commands as statement to compromise the local database and affected management system.

The request method to inject/execute is GET and the attack vector is client-side. The vulnerability is a classic order by remote SQL injection web vulnerability.

LEAVE A REPLY

Please enter your comment!
Please enter your name here