RSS-aggregator 1.0 - 'IdTag' SQL Injection

EDB-ID:

32002




Platform:

PHP

Date:

2008-06-30


source: https://www.securityfocus.com/bid/30016/info
 
RSS-aggregator is prone to multiple SQL-injection and authentication-bypass vulnerabilities.
 
A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, and gain administrative access to the affected application.
 
RSS-aggregator 1.0 is vulnerable; other versions may also be affected. 

http://www.example.com/admin/fonctions/supprimer_tag.php?IdTag=[SQL injection]