Info

Disclosure

Oct 03, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

phpMyBitTorrent contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the helpdesk.php script not properly sanitizing user-supplied input to the 'title', 'problem', 'category', and 'priority' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Unknown
Disclosure: Third-party Verified, Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

phpMyBitTorrent

2.04

References

Exploit Database: 21743
Secunia Advisory ID: 50829
Related OSVDB ID: 86627 86628 86629 86630 86631 86632 86633 86634 86635 86636 86637 86638 86639 86640 86641 86642 86643 86644 86645 86646 86647 86648 86649 86650 86651 86652 86653 86654 86655 86656 86657 86658 86659 86660 86661 86662 86663 86664 86666 86667 86668
Mail List Post: http://seclists.org/fulldisclosure/2012/Oct/30
Other Advisory URL: http://www.waraxe.us/advisory-91.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86665