[eVuln] Teca Diary PE SQL Injection Vulnerability Feb 23 2006 03:45PM
alex evuln com
New eVuln Advisory:
Teca Diary PE SQL Injection Vulnerability

eVuln ID: EV0075
CVE: CVE-2006-0729
Software: Teca Diary PE
Sowtware's Web Site: http://www.teca-scripts.com
Versions: 1.0
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Vulnerable script: functions.php

Variables $yy $mm $dd are not properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.

Available at: http://evuln.com/vulns/75/exploit.html

No Patch available.

Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus