RSS-aggregator 1.0 - 'IdFlux' SQL Injection

EDB-ID:

32001




Platform:

PHP

Date:

2008-06-30


source: https://www.securityfocus.com/bid/30016/info

RSS-aggregator is prone to multiple SQL-injection and authentication-bypass vulnerabilities.

A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, and gain administrative access to the affected application.

RSS-aggregator 1.0 is vulnerable; other versions may also be affected. 

http://www.example.com/admin/fonctions/supprimer_flux.php?IdFlux=[SQL injection]