BirthSys SQL Injection Vulnerability

CVE	Category	Price	Severity
CVE-2006-0775	CWE-89	Not disclosed	High

Author	Risk	Exploitation Type	Date
Not specified	High	Remote	2006-02-25

CPE
cpe:cpe:/a:birthsys:birthsys:1.0

CVSS	EPSS	EPSSP
CVSS: N/A	0.02192	0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006020071

Below is a copy:

New eVuln Advisory:
BirthSys SQL Injection Vulnerability
http://evuln.com/vulns/74/summary.html

--------------------Summary----------------
eVuln ID: EV0074
CVE: CVE-2006-0775
Software: BirthSys
Sowtware's Web Site: http://clvfoto.free.fr/site/download.php3
Versions: 3.1
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Vulnerable script: show.php

Variables $month $date are not properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.

--------------Exploit----------------------
Available at: http://evuln.com/vulns/74/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum