123782 : Land Down Under / Seditio Polls.php Id Parameter SQL Injection

Risk 4 : Web Services

The remote version of Land Down Under or Seditio fails to sanitize input to the 'id' parameter of the 'polls.php' script before using it in a database query. Provided PHP's 'magic_quotes_gpc' setting is disabled, an unauthenticated attacker may be able to leverage this issue to uncover sensitive information (such as password hashes), modify existing data, or launch attacks against the underlying database.

Solution:
Unknown at this time.
References:
CVSS Information:
Partial Confidentiality Impact, Partial Integrity Impact, Partial Availability Impact
Credit:
Tenable : 2009-12-04